Comment 39 for bug 600779

As far as I can tell, there is no reason ipsCA should not be considered trustworthy. All I see is that they made a mistake in delaying when they notified browser vendors of a new root CA. I'm nearly certain that all new certs issued after their old CA expired were issued using their new CA cert. However, I also think you've missed the point here. If an edu uses their own CA, they need to dedicate staff and resources to do that, and still deal with the fact that the cert exists in no browser right now. A number of people have pointed out central deployment of root CAs in browsers, but are you going to manage every student's personal computer as well? There are even some universities dropping computer labs, so the vast majority of computers are student-owned and not university-managed. If an edu uses ipsCA, the CA is already installed in at least IE and Chrome, but not Mozilla. The latter remains more convenient for helpdesks and users.

And lest we forget, ipsCA never did this: http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/. But did Comodo get removed from Mozilla? Despite the fact that the incident specifically involved Mozilla? Did the vetting process prevent that from happening?

No offense, but sometimes I think people need to act less like computers and more like humans that are capable of more than just following precisely written directions and processes. There are times when an established process no longer fulfills its purpose and does more harm than good, and as far as I can tell this is one of them. But of course everyone is entitled to their own opinion and choice of browser.