It looks like the certificate can easily be deleted manually: Preferences > ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		more_original on April 6, 2010 \| parent \| context \| favorite \| on: Mozilla shipping SSL root certificate, has no idea... It looks like the certificate can easily be deleted manually: Preferences > Advanced > View Certificates.

dasrecht on April 6, 2010 [–]

yes this sould not be the core of the problem. its important to know _who_ owns the debatable CA.

This gives a great Mitm Vector if i'ts a malicious CA

wallflower on April 6, 2010 | [–]

Is it possible to do a web crawl scan of https and SSL certs and find out which certificates have this questionable one as their root?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact