Comment 69 for bug 232340

In , Cs-zip (cs-zip) wrote :

(In reply to comment #66)
> > 1: It should be possible for end users to easily add an arbitrary
> > certificate authority to their setup.
>
> Actually, no.... :-)
> Adding a root certificate is a serious matter, and if a user can easily
> be fooled into accepting a bogus certificate it would be disastrous. If
> you make it easy to add a root certificate, you open up for all kinds
> of social engineering attacks, as well as virus attacks. I'm really
> surprised that we're not hearing about viruses trying to add root
> certificates already...
> Once a bogus root certificate is accepted, you open up for all kinds of
> man-in-the-middle attacks. [...]

Just for the record I want to say I am convinced by Kjetil's argument.

However, I still think Mozilla should ship with some "we think they may
be ok but haven't fully vetted them" certs and a GUI to activate them
(with big red letters saying "danger, danger, Will Robinson" so the user
realises that there is real risk in this, and perhaps also to suggest
that the existing trusted cert authorities are also points of weakness
in the scheme, though we trust them "more").

So while I agree that it should be difficult or highly discouraged to
add a root cert, I still think it should be possible for a user to tune
their trust, and be offered a (discouraged) choice of extra auths to trust.
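The man-in-the-middle consequence Kjetil describes, reproduced as an added example (this is not code from the bug report or from Mozilla; Go's crypto/x509 verifier stands in for the browser's, and the CA names and the hostname bank.example are made up). A leaf certificate issued by an unknown root is rejected; the same leaf is accepted for the same hostname the moment that root is added to the trust store, because the trust store is the only input that changed:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a certificate for tmpl. When parent is nil the certificate is
// self-signed (a root); otherwise it is signed by parent using parentKey.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate is a minimal root CA template (names are invented for the example).
func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

// leafTemplate is a server certificate template for host.
func leafTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// verifyWithRoots builds a trust store from roots and checks whether leaf is a
// valid server certificate for host against it, which is the decision a
// browser makes on every TLS handshake.
func verifyWithRoots(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// Scenario holds the root the browser shipped with, the root an attacker
// talked the user into adding, and a leaf the attacker issued for a bank.
type Scenario struct{ LegitRoot, BogusRoot, Leaf *x509.Certificate }

func buildScenario(host string) (*Scenario, error) {
	legit, _, err := newCert(caTemplate("Vetted Root CA", 1), nil, nil)
	if err != nil {
		return nil, err
	}
	bogus, bogusKey, err := newCert(caTemplate("Totally Legit Root CA", 2), nil, nil)
	if err != nil {
		return nil, err
	}
	// The attacker never touches the vetted CA; the leaf chains only to the bogus root.
	leaf, _, err := newCert(leafTemplate(host, 3), bogus, bogusKey)
	if err != nil {
		return nil, err
	}
	return &Scenario{LegitRoot: legit, BogusRoot: bogus, Leaf: leaf}, nil
}

// acceptedByVettedRootOnly reports whether the attacker's leaf passes with the
// shipped trust store alone (it should not).
func acceptedByVettedRootOnly(s *Scenario, host string) bool {
	return verifyWithRoots(s.Leaf, host, s.LegitRoot) == nil
}

// mitmPossible reports whether the attacker's leaf is accepted for host once
// the bogus root sits in the trust store next to the vetted one.
func mitmPossible(s *Scenario, host string) bool {
	return verifyWithRoots(s.Leaf, host, s.LegitRoot, s.BogusRoot) == nil
}

func main() {
	const host = "bank.example"
	s, err := buildScenario(host)
	if err != nil {
		panic(err)
	}
	fmt.Println("vetted root only, error:", verifyWithRoots(s.Leaf, host, s.LegitRoot))
	fmt.Println("vetted + bogus root, MITM possible:", mitmPossible(s, host))
}
```

The hostname check still applies after the bogus root is trusted, but that is no obstacle for the attacker: whoever holds the bogus root's key can issue a leaf for any hostname, so one accepted root covers every site the user visits.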