On 04/15/2009 07:45 AM, David E. Ross wrote:
> On 4/15/2009 5:19 AM, P.N. wrote:
>> Hello!
>> I wonder, why cacert (http://www.cacert.org/) isn't installed as a 
>> certificates issuer - any problems with it? Can I trust it, or shouldn't 
>> I for some reason?
>> Kind regards
>> Peter
> CACert has not gone through an audit or review within the criteria given
> in Sections 7-10 of
> <http://www.mozilla.org/projects/security/certs/policy/>.  Thus, no one
> knows if it can be trusted.  I believe they are now in the process of
> going through that review.
> I did a preliminary review of CACert's documentation a few years ago
> when they first requested inclusion in the NSS database of CA roots.  I
> found some problems that were not major but did indeed require
> correction.  That review never reached the point of looking at CACert's
> practices.  (A review or audit should parallel the ISO 9001 mantra:  Say
> what you do; do what you say; and be prepared to prove it.  Beyond ISO
> 9001, what you say and do must also meet certain standards.)
> Note that only a certificate authority (CA) itself can request
> inclusion.  Users cannot make this request.  CACert made such a request
> in 2003; see <https://bugzilla.mozilla.org/show_bug.cgi?id=215243>.
> However, when it became obvious that they needed to do some work to
> comply with the Mozilla policy, they agreed in 2007 to withdraw the
> request.  They will submit a new request (a new bug report) when they
> are ready to undergo Mozilla's scrutiny.

Adding to David's links:

CAcert's primary focus and largest challenge at present is to meet the
fair but firm policy of Mozilla with a view to inclusion in their
products, including the popular Firefox browser (see Mozilla bug
215243). To that end an Audit is underway (you can refer to the
AuditToDo list for progress and our Certificate Policy Statement is
being refined at CPS (many thanks to Christian Barmala's work on this
topic and for everyone who has contributed to the shaping of these

support-seamonkey mailing list

Reply via email to