One good reason to permanently reject a certificate is from a code signing perspective. Consider a publisher whose policies you don't agree with but is otherwise a legimiate company. By permanently rejecting their certificates you won't accidentally install their software (as a side note, MS didn't enable this UC for years but finally added it to the 'install signed code' UI).
_______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
