How to permanently delete root CAs from mozilla products?

David dgboles at gmail.com
Sat Sep 17 22:58:06 UTC 2011


On 9/17/2011 6:21 PM, Craig White wrote:
> On Sat, 2011-09-17 at 16:05 -0400, David wrote:
>> On 9/17/2011 3:59 PM, Fernando Cassia wrote:
>>> On Sat, Sep 17, 2011 at 16:46, David <dgboles at gmail.com> wrote:
>>>> Sure there is. They come with the Firefox and Thunderbird updates. They
>>>> are named security updates.
>>>>
>>>> --
>>>>
>>>>  David
>>>
>>> I mean if you accidentally delete good certificates, i.e. AOL, Comodo,
>>> RSA, there is no way to easily reset certificates to the default state
>>> other than deinstalling and reinstalling the whole browser.
>>>
>>> Of course you can wait for future security updates that include
>>> updates to the certs, but what if none comes in the next update?
>>
>>
>> Refreshing the rpm is the easiest way that I can think of to do that
>> without uninstalling and then reinstalling.
>>
>> And, as I recall, if you go to a site for which you do not have a
>> certificate you are offered to accept it and add it. Not a disaster but
>> a slight inconvenience for the careless user.
> ----
> I don't think refreshing the rpm or even un/re installing will 'reset'
> certificates but I haven't tested myself.
> 
> And what we are talking about is root certificates which actually
> comprise the highest level of a certificate chain. If you delete (or
> mark as not trusted) a root certificate and you go to a web site that is
> signed by the root certificate that you have indicated should not be
> trusted, it will come up as untrusted and you are given some rather dire
> warnings - the same as if you were presented a certificate that is
> 'self-signed'. I would recommend that even if you 'accept' (get
> certificate, trust, possibly permanently store) that you don't do any
> actual commerce with that site. Actually do not choose to store it
> permanently because the next time you go to the site, you will likely
> have forgotten that there is no chain of trust.

I *really* have no idea what, just what, Fedora did here with this. But
I do know that the Generic Linux, and the Mac, and the Windows updates
fixed this. Are you saying that Fedora f*cked this up?

 Then I would think that your problem would be with Fedora. And the
gnomes that live under your bed.


-- 

  David

