On 4/15/2009 5:19 AM, P.N. wrote: > Hello! > > I wonder, why cacert (http://www.cacert.org/) isn't installed as a > certificates issuer - any problems with it? Can I trust it, or shouldn't > I for some reason? > > Kind regards > > Peter >
CACert has not gone through an audit or review within the criteria given in Sections 7-10 of <http://www.mozilla.org/projects/security/certs/policy/>. Thus, no one knows if it can be trusted. I believe they are now in the process of going through that review. I did a preliminary review of CACert's documentation a few years ago when they first requested inclusion in the NSS database of CA roots. I found some problems that were not major but did indeed require correction. That review never reached the point of looking at CACert's practices. (A review or audit should parallel the ISO 9001 mantra: Say what you do; do what you say; and be prepared to prove it. Beyond ISO 9001, what you say and do must also meet certain standards.) Note that only a certificate authority (CA) itself can request inclusion. Users cannot make this request. CACert made such a request in 2003; see <https://bugzilla.mozilla.org/show_bug.cgi?id=215243>. However, when it became obvious that they needed to do some work to comply with the Mozilla policy, they agreed in 2007 to withdraw the request. They will submit a new request (a new bug report) when they are ready to undergo Mozilla's scrutiny. -- David E. Ross <http://www.rossde.com/>. Don't ask "Why is there road rage?" Instead, ask "Why NOT Road Rage?" or "Why Is There No Such Thing as Fast Enough?" <http://www.rossde.com/roadrage.html> _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey