On Mon, 31 Jan 2005 12:41:57 -0800, David Ross wrote: > Until CAcert's practices are reviewed, > the Mozilla Foundation cannot risk its user base by installing > CAcert's root certificate.
Yet the Mozilla foundation has risked the security of it's user base by turning a blind eye to abuses from commercial CA's such as Verisign. The double standard expressed by David here epitomises the Mozilla Foundation's attitude throughout the eighteen months of discussion on this topic. After eighteen months of Mozilla's stalling, it's time for CA-Cert to accept that the Mozilla Foundation is unwilling to work with the free certificate community and that it's prevarication on this issue wastes everyone's time. I advise CA-Cert to utilise it's meagre resources more profitably by finding other avenues to encourage "free security for all." The Mozilla Foundation has shown itself to be an unwilling participant in the community, so it's time for CA-Cert to move on. For Mozilla, it's not about "trust" or "security." Rather, it's about "who pays." This stance is incompatible with community certification. -Simon. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
