Policy-Discussion

[Daniel Black <daniel AT cacert.org>]

On Wednesday 31 March 2010 13:07:23 Michael Tänzer wrote:
> > In short my assessment of this is:
> > 1. good gains for end users who want to trust/not trust specific roots
> > 2. harder barrier to entry for end users who don't care ("what I need to
> > add two roots?" at least until root inclusion occurs)
> 
> Or they're going like "oh I have to click two buttons instead of one, oh
> well, still better than layer ads, clicking through licenses, waiting
> because you don't have a premium account for downloading something or
> flash advertisements with sound".
> 
> The risk I'm seeing here is that apart from Mozilla there might be other
> browser vendors who might consider adding CAcert to their trusted roots
> once we have got the audit done. But some may choose that they only want
> the class3 type of certs to be trusted so they need to exclude the
> members subroot somehow. If they have those quirks in their
> implementation they're not going to say "CAcert's roots don't get
> properly recognised in our browser, let's fix our code", but simply
> ignore us.

good points - I'm not deciding - consensus rules after all. Other opinions 
here?

-- 
Daniel Black
CAcert

Attachment: smime.p7s
Description: S/MIME cryptographic signature