On Tue, May 21, 2019 at 1:23 PM Adrian R via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> Wayne Thayer wrote:
> >
> > That is not my understanding of how this setting works: it only imports
> > roots that have been added to the Windows root store, e.g. by a program
> > such as Avast, or an administrator. It does not import roots Microsoft
> > ships with Windows.
> >
>
> The problem is that if a root certificate is revoked locally by:
> - exporting it from any place in the Windows certificate store,
> - adding it to the Untrusted Certificates store
> - keeping it untouched in the initial store where it was exported from ...
> Firefox considers that certificate as valid when it should consider it as
> revoked.
> Windows considers such a certificate to be revoked.
>

There is a big difference between importing the entire Windows root store and thus effectively overriding Mozilla's trust decisions, and importing roots added by an antivirus program, so I wanted to clarify that. The bug that you filed (thanks!) should address the revocation issue: https://bugzilla.mozilla.org/show_bug.cgi?id=1553233

> With Avast antivirus it's not possible to delete their MITM scanner
> certificate because they will re-create another if I delete it, but they
> allow it to be revoked and stay revoked.
>
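
The locally revoked state described in the quoted message (a root left in its original store and also added to Untrusted Certificates) can be enumerated on a Windows machine. The PowerShell below is an added example, not part of the thread; it assumes the built-in `Cert:` provider, where the Untrusted Certificates store is named `Disallowed`, and matches certificates by thumbprint.

```powershell
# Added example: list certificates that sit in a Windows Root store while the
# same certificate (matched by thumbprint) is also in the Untrusted
# Certificates store, which the Cert: provider exposes as "Disallowed".
$locations = 'CurrentUser', 'LocalMachine'

# Collect every thumbprint marked untrusted in either store location.
$untrusted = @{}
foreach ($loc in $locations) {
    Get-ChildItem -Path "Cert:\$loc\Disallowed" -ErrorAction SilentlyContinue |
        ForEach-Object { $untrusted[$_.Thumbprint] = $loc }
}

# Report Root store entries whose thumbprint is also marked untrusted.
$conflicts = foreach ($loc in $locations) {
    Get-ChildItem -Path "Cert:\$loc\Root" -ErrorAction SilentlyContinue |
        Where-Object { $untrusted.ContainsKey($_.Thumbprint) } |
        ForEach-Object {
            [pscustomobject]@{
                RootStore      = "$loc\Root"
                UntrustedStore = "$($untrusted[$_.Thumbprint])\Disallowed"
                Subject        = $_.Subject
                Thumbprint     = $_.Thumbprint
                NotAfter       = $_.NotAfter
            }
        }
}

if ($conflicts) {
    $conflicts | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No certificate is present in both a Root store and the Untrusted Certificates store.'
}
```

Any row it prints is a root that Windows treats as revoked; those are the thumbprints to compare against what Firefox still accepts when testing the behaviour tracked in the bug above.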