Re: How to permanently delete root CAs from mozilla products?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 2011-09-17 at 16:05 -0400, David wrote:
> On 9/17/2011 3:59 PM, Fernando Cassia wrote:
> > On Sat, Sep 17, 2011 at 16:46, David <dgboles@xxxxxxxxx> wrote:
> >> Sure there is. They come with the Firefox and Thunderbird updates. They
> >> are named security updates.
> >>
> >> --
> >>
> >>  David
> > 
> > I mean if you accidentally delete good certificates ie AOL, Comodo,
> > RSA, there is no way to easily reset certificates to the default state
> > other than deinstalling and reinstalling the whole browser.
> > 
> > Of course you can wait for future security updates that includes
> > updates to the certs, but what if none comes in the next update?.
> 
> 
> Refresh the rpm is the easiest way that I can think of to do that
> without uninstalling and them reinstalling.
> 
> And, as I recall, if you go to a site for which you do not not have a
> certificate you are offered to accept it and add it. Not a disaster but
> a slight inconvenience for the careless user.
----
I don't think refreshing the rpm or even un/re installing will 'reset'
certificates but I haven't tested myself.

And what we are talking about is root certificates which actually
comprise the highest level of a certificate chain. If you delete (or
mark as not trusted) a root certificate and you go to a web site that is
signed by the root certificate that you have indicated should not be
trusted, it will come up as untrusted and you are given some rather dire
warnings - the same as if you were presented a certificate that is
'self-signed'. I would recommend that even if you 'accept' (get
certificate, trust, possibly permanently store) that you don't do any
actual commerce with that site. Actually do not choose to store it
permanently because the next time you go to the site, you will likely
have forgotten that there is no chain of trust.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux