[throwaway7767]

It always seemed odd to me how strictly CACert is treated given that TrustWave got a pass when they deliberately sold a root CA certificate for man-in-the-middle purposes.

It's almost as if money is more important than key management practices.

[stullig]

Thanks for all the informed info. I was just always weirded out when my browsers forced me to perform 2-4 clicks because of untrusted connections when visiting websites of say the CCC (who just switched to StartSSL apparently).

Or the CACert website itself.

Always seemed to me like some kind of joke.