I really do hope the manpower becomes available to complete the code cleanup and other things necessary to bring CAcert into the major browsers and back into the Arch certificate bundle. From looking at the options, CAcert is, as far as I know, the only truly free certificate authority available anywhere. By free, I don't just mean cost; I am actually referring to freedom. Free software, free website, free certificate. Or better said, freedom software, freedom website, freedom certificate. The currency-based trust model of most certificate authorities never should have been allowed to happen on a free and open internet, meaning that I should be able to trust my connection to my bank because enough people verified that my bank's certificate can be trusted, not just because my bank paid enough money for another corporation to deem them trustworthy. That said, there are some technical changes required to make CAcert work better and to make it more secure. Unfortunately, although I do hand-code most of my websites, I wouldn't feel comfortable messing around in CAcert's code, as I really only do basic stuff for the most part. I could certainly try my hand at cleaning up some stuff in the wiki though. At this point, I'll probably be keeping the CAcert certificates I have, and will tell people to import their root certificate in order to trust my websites that need HTTPS, especially since CAcert is the only organization I'm aware of that will allow me to issue certificates for multiple domains running on the same VPS with a single IP address, which apparently, StartSSL can't do. ~Kyle http://kyle.tk/ -- "Kyle? ... She calls her cake, Kyle?" Out of This World, season 2 episode 21 - "The Amazing Evie"