== Remove or Disable a Root ==
Disabling a Root means one or more of the following:
* Turn off trust bits (Websites, Email)
* Turn off EV Treatment
* Distrust certificates issued after a certain date (Distrust for TLS After, Distrust for S/MIME After)
Reasons for removing or disabling a root certificate may include:
* Security Compromise
* Legacy, no longer in use
* No recent audit
Disabling a Root means one or more of the following:
* Turn off trust bits (Websites, Email)
* Turn off EV Treatment
* Distrust certificates issued after a certain date (Distrust for TLS After, Distrust for S/MIME After)
'''Important:''' Root changes that are motivated by a serious security concern such as a root compromise should be treated as a security-sensitive bug, and a [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance&groups=crypto-core-security secure bug filed in Bugzilla].