The criteria listed in #14 are entirely appropriate given that Mozilla is not a "franchise"
trying to make money, nor charge money. As Mozilla presumably desires to avoid any
liability, it should not pretend that the practices of any of the certificate issuers, or any
standards body, are endorsed. Anyone who wants to be a certificate issuer, can be, as
long as they disclose their practices.
Mozilla needs to work with the limitations of the crypto-based security standard,
HTTPS/SSL. Within that legacy, accepting top level certs on a minimal basis, and
accepting self-signed certs on websites, is probably the best way forward as it would
encourage the use of free crypto.
The criteria listed in #14 are entirely appropriate given that Mozilla is not a "franchise"
trying to make money, nor charge money. As Mozilla presumably desires to avoid any
liability, it should not pretend that the practices of any of the certificate issuers, or any
standards body, are endorsed. Anyone who wants to be a certificate issuer, can be, as
long as they disclose their practices.
Mozilla needs to work with the limitations of the crypto-based security standard,
HTTPS/SSL. Within that legacy, accepting top level certs on a minimal basis, and
accepting self-signed certs on websites, is probably the best way forward as it would
encourage the use of free crypto.