The current CA policy says that root certs cost nothing, not even for commerical CAs. I'd propose to change that. The Mozilla Foundation needs money. Root certs are usually paid (with $$$), as I understood (Frank, do you have some quantative data about that, for large browsers?).
I was not involved directly in root certificate stuff at Netscape, but I believe Netscape charged a fair amount to add a root cert, possibly comparable to a developer's annual salary.
But... note that this was for a browser that had a very large market share; I doubt that the Mozilla Foundation could charge anywhere near that much, if it in fact decided to charge CAs.
Speaking for myself only, I'm not interested in charging CAs, for reasons noted in the metapolicy and expressed by other people in this newsgroup. But if at some point the Mozilla Foundation wants to do it they can certainly do so.
Frank
-- Frank Hecker [EMAIL PROTECTED] _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
