I just imported a CA certificate (the Fedora project's certificate). Firefox asked me what I want to trust that certificate for. The questions are unclear. Choice 1: Trust it to identify websites? This one makes sens. Choice 2: Trust it to identify email users? What the *!&@ does that mean? This is Firefox, not Thunderbird. Choice 3: Trust it to identify software developers? Seriously? Does this mean that I would trust this CA to grant privilege to people's software? Does this mean that I would trust this CA to tell me who wrote Firefox add-ons? Why are you asking me this question? (I'm not saying that #2 and #3 shouldn't be there. I'm saying that the descriptions could be a lot clearer.) I suspect that these are actually related to X.509 constraints. These constraints are, alas, *completely irrelevant* to a web browser, as far as I know. CAs are either allowed to sign HTTPS certificates (or intermediate CAs) or they are not. That should be all.
Component: Preferences → Security: UI
Product: Firefox → Core
Thanks for filing the bug. The UI in question is shared by Firefox, Thunderbird etc, which is why stuff like e-mail trust shows up even in Firefox.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Summary: The add-a-CA UI is confusing → The add-a-CA UI should not allow enabling trust bits unrelated to the app
Component: Security: UI → Security: PSM
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.