On Thu, 2013-01-24 at 23:54 +0100, Jan Lühr wrote: > I noticed that some Root-CA-certificates (like CCNIC, Turktrust) > deleted by me reappeared after the last auto-updated. Is there a reason > for doing so? Personally, I decided, that I don't trust these > certificates and therefore I removed them. I know, that could revoke > trust, but since the UI doesn't give feedback on think - as you pointed > out in your bugreport - I felt better deleting these certificates > completely. > > Is there a way for a permanent deletion of these certificates?
This is another deficiency of the user interface and source of confusion. No. Certificates that are shipped with the Firefox software are embedded in it, and cannot be permanently removed. If you click the button to delete one of the built-in certificates, Firefox will store "not trusted" information in your security settings, together with that certificate. I apologize for this very old bug, that has been present ever since I started to work on Mozilla in year 2001, but nobody got around to completely rework it to get this behaviour fixed. Yes, instead of giving you the impression to remove it, the user interface should immediately tell you that removing isn't possible, but that the certificate has been marked as "not trusted", which has the same effect. Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
