User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/419 (KHTML, like Gecko) Safari/419.3 Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 When you delete a built-in cert authority in the certificate manager, it disappears from the dialog box. When you restart Firefox, it reappears in the dialog box (if you edit the cert, you see that all three identifiers are unselected). This is inconsistent and confusing. Reproducible: Always Steps to Reproduce: 1. Open the Certificate Manager 2. Select a certificate 3. Delete it 4. Restart I suggest the UI of the "delete" action should *not* remove the cert, but should instead say "the following capabilities of this built-in authority have been turned off:" and list all the capabilities.

Johnathan, care to take a look at this?

I agree that the current behaviour is confusing. Naively, I would expect the delete button to remove the cert entirely. I suspect that there is a reason why this doesn't happen (e.g. the difficulty of fixing the accidental removal of a root cert) but if there isn't, that's worth considering. Assuming there are sensible reasons not to delete, I think the button text should reflect this and change to "Disable" or similar. If we go this route, it would also be nice to see the table reflect disabled status by, e.g. greying out the appropriate entries, or grouping them separately. I might be guessing wrong, but I'm CC'ng kai here in hopes he can add the necessary context around the current behaviour?

Please see...