CAcert vs. commercial CAs
Posted Dec 30, 2008 12:29 UTC (Tue) by angdraug
Parent article: SSL man-in-the-middle attacks
I think the most important observation in this story is that CAcert.org, the free CA which Mozilla refuses to support in their browsers, implements a better vetting process than many of those commercial CAs supported by Mozilla since days of yore.
Not that I'm surprised with the commercial CAs (I strongly suspect that Comodo wouldn't be the only one with a flaky process): their primary purpose is making money, so the choice between charging you for another certificate and turning you down by means of a strong vetting process is really a no-brainer. What never ceases to amaze me is that Mozilla, a supposedly free and security-conscious project, continually refuses to support a fellow free security-focused project. Kind of proves my theory that money is bad for free software.