Readit News logoReadit News
Posted by u/bitneuker a year ago
Honest Ahmed (2011)bugzilla.mozilla.org/show...
resonanttoe · a year ago
For those looking for more context - If memory serves it was in response to https://en.wikipedia.org/wiki/Comodo_Cybersecurity#Certifica... and the various controversies around it.

Honest Achmed has been one of my favorites for as long as its been around.

fmajid · a year ago
And also Symantec, and now Entrust. All of these CAs have incredibly sloppy vetting procedures and/or control over their resellers. In many cases they didn't even check CAA records to see if they'd be authorized to issue new certs, even though it has been a requirement for years. They had one job, and failed abysmally at it, relying on their too big to fail status. You can feel the frustration of people like Adam Langley at Google over his inability to bring the banhammer to bear fast enough on those clowns.
axus · a year ago
This was closed as a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=233458 , which was the predecessor to LetsEncrypt
imadj · a year ago
Previously:

Bug 647959 – Add Honest Achmed's root certificate - https://news.ycombinator.com/item?id=2463762 - April 2011 (114 comments)

Bug 647959 – Add Honest Achmed's root certificate (2011) - https://news.ycombinator.com/item?id=10839315 - January 2016 (68 comments)

Add Honest Achmed's root certificate (2011) - https://news.ycombinator.com/item?id=35490740 - April 2023 (25 comments)

ramon156 · a year ago
Am I the only one that understands 10% of what's going on? Obviously they won't add his CA, and there seems to be some other links to joke requests, but what am I missing?
nilsherzig · a year ago
They are poking fun at the seemingly random (and non-trustworthy) companies which are allowed to issue root CAs and how hard it is to remove them if they reach the "too big to fail" status.

Dead Comment

Dragging-Syrup · a year ago
The best part is the website hxxps://www.honestachmed.dyndns.org/ is still up.
agumonkey · a year ago
pardon the side question, what is this trend of rewriting http in hxxp ? a reflex from platforms that don't allow sharing urls ?
batch12 · a year ago
I do this to defang the url to prevent unintentional clicks or automatic previewing when working and reporting on security events. Sometimes the habit bleeds over.
cr3cr3 · a year ago
Yeah, and http only :) It would be hilarious if it had invalid cert.

Deleted Comment

begueradj · a year ago
Achmed, not Ahmed ...
virtualritz · a year ago
Yes as far as the title on the Mozilla page goes but: Ahmed is pronounced Achmed (if your first langues is e.g. English).

Among my Arab friends with that name the spelling that omits the 'c' is more common. Another common form is Ahmad which is still pronounced the same.

The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English). As is the one with the 'e' vs the 'a' as last vowel.

I.e. Ahmad == Ahmed == Achmed.

Narishma · a year ago
> The version with 'c' is one that contains a pronunciation hint for people whose native language is not Arabic (but probably English).

What hint would that be? There's no 'c' sound in the Arabic version.

Deleted Comment

lionkor · a year ago
why trust the others and not Achmed?
cpach · a year ago
AFAIK, major browser vendors trust any Certification Authority that follows the Baseline Requirements of the CA/Browser Forum.

https://cabforum.org/working-groups/server/baseline-requirem...

hulitu · a year ago
> why trust the others and not Achmed?

Because, "trust us". Seriously, Google, Microsoft, Cloudfare, etc. at the same level as Achmed. The only thing Achmed lacks is marketing.

emmelaich · a year ago
See comment 13.
ithkuil · a year ago
He's too honest