- I am not a lawyer, but I really think you are underestimating the liability issues for the foundation if it chooses to select certificates. Has the Mozilla Foundation hired a lawyer to look at the issue to make a determination of the liability risks the security policy exposes the Foundation to, or is the Foundation in the process of hiring one ? I would love to be wrong, but I think this is definitely something that needs to be looked at by a lawyer, because it's the sort of thing that could take down the foundation if not done very carefully. Just because Mozilla has a legal disclaimer does not mean that you won't be sued. Commercial software comes with plenty of disclaimers, too.
Even if MF relies on a 3rd party whats to absolve them of all responsibility, after all they still included the certificate regardless of any 3rd party saying it was ok, and as previously stated, webtrust/AICPA are a bunch of accountants, with the current certificate practices resolving around commerce, rather then the 100's of other purposes certificates can be used for but are too expensive to get and use. In any case what has webtrust/AICPA done in light of blatant mistakes by companies they have approved? Without a consequence what is to stop any CA, commercial or otherwise from caring who they issue certificates to as long as they make a buck from it?
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
