Was für ein geniales Ticket auf Bugzilla@Mozilla: Bug 647959 – Add Honest Achmed’s root certificate! Hier ein Auszug aus dem Ticket, über das ich dank dem Bericht auf heise Security gestolpert bin:

  1. SSL Validation Type

All of them. The more types, the more certificates we can sell.

CA Hierarchy information for each root certificate

  1. CA Hierarchy

Honest Achmed plans to authorise certificate issuance by at least, but not limited to, his cousin Osman, his uncles Mehmet and Iskender, and possibly his cousin’s friend Emin.

  1. Sub CAs Operated by 3rd Parties

Honest Achmed’s uncles may invite some of their friends to issue certificates as well, in particular their cousins Refik and Abdi or „RA“ as they’re known. Honest Achmed’s uncles assure us that their RA can be trusted, apart from that one time when they lent them the keys to the car, but that was a one-off that won’t happen again.

Wie geil ist das denn? Gut, dass das Mozilla das Ticket gleich auf RESOLVED/INVALID gesetzt hat 😉