On Thu, Nov 14, 2013 at 03:35:06PM -0700, Bob Beck wrote: > Geoffrey, I have security concerns about every CA in the list, not just > CACert. > > That notwithstanding, CACert has not proven to be "less crap" than any > of the others > that have, IMO, plenty of issues of their own. I don't buy the > argument that a non-profit > CA hasn't signed up and paid for consortium webtrust audits > particularly a compelling argument that they are not secure (any more > than I believe such things give me much > trust in the other guys). Such audits are marketing tools, not > security assurances.
https://bugzilla.mozilla.org/show_bug.cgi?id=647959 Given the recent confirmation of my suspicions, I would like to see Mozilla remove all the subverted and gagged US CA's from the list first.
