Confirm, administrator
5,526
edits
Changes
→Remove a Root
== Remove a Root ==
''Kathleen: I’ve been thinking about the result of an included root being caught in something serious, such as a MITM attack. If that does happen, then it might be better to disable the trust bits of that root by default, rather than just removing the root. If the root is removed, it could potentially be signed by another root that is included in NSS. However, if we disable the trust bits by default, then that root could not be used again for SSL in Firefox unless a user specifically turned on the websites trust bit for it.''
Reasons for removing a root certificate may include, but are not limited to:
