On the lighter side of things, a request to add Honest Achmed’s root certificate to Mozilla has been rejected. The humorous request asked Mozilla to add “Honest Achmed’s Used Cars and Certificates” as a trusted root certificate. Clearly the request is a poke at Comodo, which recently suffered a security breach that resulted in several fraudulent certificates being generated. This in turn forced all the major browsers and operating systems to release updates which blacklisted the fake certificates.
According to the request, “Achmed’s business plan is to sell a sufficiently large number of certificates as quickly as possible in order to become too big to fail (see “regulatory capture”), at which point most of the rest of this application will become irrelevant.” It adds that the “purpose of this certificate is to allow Honest Achmed to sell bucketloads of other certificates and make a lot of money.”
The Comodo security breach actually took place at one of Comodo’s sub CAs, and so in the section on “Sub CAs Operated by 3rd Parties” the request states that “Honest Achmed’s uncles may invite some of their friends to issue certificates as well, in particular their cousins Refik and Abdi or “RA” as they’re known. Honest Achmed’s uncles assure us that their RA can be trusted, apart from that one time when they lent them the keys to the car, but that was a one-off that won’t happen again.” It also says that “Honest Achmed promises to studiously verify that payment from anyone requesting a certificate clears before issuing it (except for his uncles, who are good for credit). Achmed guarantees that no certificate will be issued without payment having been received, as per the old latin proverb ‘nil certificati sine lucre’.”