While there is plenty of built-in CAs giving free certs away for email I don't know of any doing this for code signing, I can't see how you can enforce this (for mozilla plug-ins) without either having the code signed by a person other then the person writing the code, or people loosing interest in making add-ons for mozilla...
Well it seems there are two options:
1. finding good solutions to securing extensions now
2. finding good solutions to securing extensions after some major exploit has tarnished the credibility of Mozilla based browsers
--pete
-- Pete Collins - Founder, Mozdev Group Inc. www.mozdevgroup.com Mozilla Software Development Solutions _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto