On Sun, 2010-08-22 at 14:48 -0700, C.J. Adams-Collier KF7BMP wrote:
> It was published on a CD, signed by Philipp Kern <address@hidden>, a
> Debian Developer whose identity was verified in person by another DD:
And you believe that Philipp has met officials for all the CAs included
in the Mozilla bundle and verified them?
Mozilla itself just takes them from WebTrust, IIRC,... and we've already
seen recently how securely Mozilla handles this (when they've had a CA
included, from which they didn't even know to whom it belongs).