
Bug 647959 – Add Honest Achmed's root certificate - there
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
======
ra
The problem is that we are forced to trust a particular CA because the company
we are dealing with chose to buy their certificate from that particular CA.

Whilst PKI provides solutions for this [1], they are not really practical in
SSL.

In any case, that's not how it works in the real world.

In the real world, Achmed's uncles do trust Achmed, and might well trust him
to validate the identity of a business partner.

In essence, that's the logic behind PGP.

What if SSL could be enhanced to allow PGP verification of counterparties?
That way anyone could become the equivalent of a root CA, but your value would
only be as good as your reputation / integrity.

Trusted entities, like the governments, could vouch for the keys of their
agencies - or other governments.

Friends and family could vouch for each other's keys, businesses for their
partners... etc etc.

Unlike PKI, PGP would enable counterparties to establish their identity by
having many validating partners (paid and unpaid), as opposed to the one
single root CA that is available.

As well as bringing the source of trust closer to the relying party (really, I
live in Australia, who the hell is Comodo anyway?), the network of trust that
would result could be articulated in the browser in many different ways.

eg: 25 of your friends and 600 businesses agree that this is the identity of
Visa.

Twenty years ago this wouldn't have worked. But today, we could use the root
CA SSL system to bootstrap a network of trust that becomes independent of the
old hierarchy.

I hope all that makes sense.

[1] eg: certificate revocation, or even the user removing the root CA from her
own key store.
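A sketch of the vouch-counting a browser could do under this proposal, written as an added example (not code from the thread): distinct vouchers are tallied per class, a relying-party policy sets the thresholds per class, a single old-hierarchy CA still counts as a bootstrap vouch, and vouches for a different key are surfaced as dissent rather than silently ignored. Names, fingerprints and thresholds are constructed.

```python
from collections import defaultdict

# Constructed sample vouches: (voucher, voucher_class, subject, key_fingerprint).
# Classes follow the comment's example: friends, businesses, and the old root
# CAs used to bootstrap. Every name and fingerprint here is made up.
VOUCHES = [
    ("alice", "friend", "visa.example", "fp-A"),
    ("bob", "friend", "visa.example", "fp-A"),
    ("carol", "friend", "visa.example", "fp-A"),
    ("acme-bank", "business", "visa.example", "fp-A"),
    ("globex", "business", "visa.example", "fp-A"),
    ("RootCA-1", "ca", "visa.example", "fp-A"),
    ("mallory", "friend", "visa.example", "fp-M"),  # vouches for a different key
    ("dave", "friend", "shop.example", "fp-S"),
]

# Relying-party policy (assumed for this example): how many distinct vouchers
# of a class must agree on the same key before that class counts as satisfied.
POLICY = {"friend": 3, "business": 2, "ca": 1}


def tally(vouches, subject):
    """Map fingerprint -> class -> number of distinct vouchers for `subject`."""
    seen = defaultdict(lambda: defaultdict(set))
    for voucher, cls, subj, fp in vouches:
        if subj == subject:
            seen[fp][cls].add(voucher)  # a set, so one voucher counts once
    return {fp: {c: len(v) for c, v in byclass.items()} for fp, byclass in seen.items()}


def evaluate(vouches, subject, presented_fp, policy=POLICY):
    """Decide what the browser should show for the key `presented_fp`.

    Returns (verdict, summary) where verdict is "trusted" (policy met, nobody
    disagrees), "conflict" (policy met but other vouchers bind a different key)
    or "untrusted" (no class reaches its threshold for this key).
    """
    counts = tally(vouches, subject)
    agree = counts.get(presented_fp, {})
    satisfied = [c for c, need in policy.items() if agree.get(c, 0) >= need]
    dissent = {fp: sum(b.values()) for fp, b in counts.items() if fp != presented_fp}
    if not satisfied:
        verdict = "untrusted"
    elif dissent:
        verdict = "conflict"
    else:
        verdict = "trusted"
    return verdict, {"agree": dict(agree), "dissent": dissent, "satisfied_by": satisfied}
```

Counting distinct direct vouchers only (no transitive trust) is deliberate: it limits how far one well-regarded voucher can drag a herd of followers, the concern raised in the reply below.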

~~~
ciupicri
Your proposition is indeed interesting, but let's not forget about the herd
mentality. If a more technical savvy user will vouch for a certificate, tens
of less technical users might follow and then you'll have the wrong impression
about that certificate.

~~~
T_S_
You mean like Madoff?

~~~
ra
More like LinkedIn

~~~
T_S_
Interesting. What's your objection to LinkedIn? Or are you just making a
reference to the herd?

------
adulau
For the curious, the procedure for applying to be included as a CA :
<https://wiki.mozilla.org/CA:How_to_apply> and
<https://wiki.mozilla.org/CA:Recommended_Practices>

and the list of included certificates with their audit "certificate":
<http://www.mozilla.org/projects/security/certs/included/> or the pending
list: <http://www.mozilla.org/projects/security/certs/pending/>

As long as Mr. Honest Achmed is able to provide the appropriate audit
certificate...

~~~
gcb
which will be provided by Honest Achmed's Auto Insurance and Audits

~~~
mtogo
It's turtles all the way down.

------
pnathan
Achmed is honest. He even says so.

Give him a root cert, certainly errors won't happen more than once, and anyway
it would be an honest slip-up.

~~~
thepumpkin1979
Agreed, and it sounds like it will be better than Comodo, I mean, "who knows",
let's give it a chance...

------
hartror
All of this talk reminds me of Rainbow's End by Vernor Vinge, a near future
novel set in a future where augmented reality is ubiquitous. As part of the
climax of the book there is talk of revoking a root certificate which would
cause most of European commerce to grind to a halt.

Vinge is a computer scientist so the whole thing reads very well from a
hacker's perspective. Also it won the Hugo & Locus awards in 2007. Am a big
fan.

Wikipedia Entry: <http://en.wikipedia.org/wiki/Rainbows_End>

Buy it: <http://www.amazon.com/Rainbows-End-Vernor-Vinge/dp/0812536363>

------
tlrobinson
Is this a satirical response to something Mozilla did?

~~~
sp332
Not just Mozilla, really the entire CA hierarchy is broken. Everyone's kind of
known it for a while, but nothing went majorly wrong until last month:
<http://arstechnica.com/security/news/2011/03/how-the-comodo-certificate-fraud-calls-ca-trust-into-question.ars>

------
codeup
TLDR for this HN thread: The problem posed by the mix of technical issues and
ethnic prejudices in this "bug report" is apparently more complex than what
the HN community can deal with. This is a low point for the quality of
discussions on HN.

~~~
JoachimSchipper
When I looked (2 hours after your comment), the top comments were pretty
sensible. Looks like downvoting works.

------
Groxx
> _www.honestachmed.dyndns.org_

Brilliant.

~~~
krobertson
I tried going there, but the site was down. Damn hackers.

------
bdr
This is kind of racist.

~~~
makmanalp
I'm Middle Eastern, and I think this is hilarious. Anyone who is offended by
this, can you please unplug your internet cables so the rest of us can stop
being all touchy?

In Turkish there is a very fitting proverb which loosely translates to
"Whoever has a scar will take offense" meaning if you say something, and
someone overreacts to it, it's not your fault and probably just because _they_
have some hidden problem or feeling of inadequacy (the "scar").

If everyone can take themselves a little less seriously, we'd all be a little
less pissed. Thank you for listening. </rant>

Edit: Okay, here comes Pandora's Box again. The way I see it, what is so
offensive about racist speech (or any generalization for that matter) is the
presumption that all members of that group are equally <insert derogatory
adjective here>. Once you realize how absurd, dumb and wrong that is, I don't
see how anyone could possibly take racism seriously and be offended by it. At
most, you should conclude that the person who is making the remarks is
probably not intelligent, and not worth your time.

Heck, perhaps I have some sort of emotional deficiency or something, but I
don't even see how people can get so angry about _words_. For example, I have
seen people taunting each other with stuff like "your mother was amazing in
bed last night", and the other person getting gradually angrier up to the
point that they start physically fighting. I think it's a very curious thing
about the human psyche that I can make up something absurd, blabber about it,
and get another human to the point of total lack of self control. I think it's
all just a dumb made up social convention that we're better off without.

~~~
dreyfiz
"Lighten up, will ya? Why can’t we all enjoy a little racist caricature?"

Everyone deserves a presumption of respect and dignity. I don’t make bigoted
caricatures at the expense of others just to make some point about trust and
certificates, and I don’t expect other people to enjoy and defend it when
someone is ignorant enough to resort to racist caricature.

It’s the whole Ruby sexism debate all over again, I guess.

Link for the Ruby sexism debate reference:
<http://www.ultrasaurus.com/sarahblog/2009/04/gender-and-sex-at-gogaruco/>

~~~
Confusion
Yes, you know who also deserves respect and dignity and the benefit of any
doubt you can come up with? The author of the OP.

