User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16
Build Identifier:

This is a request to add the CA root certificate for Honest Achmed's Used
Cars and Certificates.  The requested information as per the CA
information checklist is as follows:

1. Name

Honest Achmed's Used Cars and Certificates

2. Website URL

www.honestachmed.dyndns.org

3. Organizational type

Individual (Achmed, and possibly his cousin Mustafa, who knows a bit
about computers).

4. Primary market / customer base

Absolutely anyone who'll give us money.

5. Impact to Mozilla Users

Achmed's business plan is to sell a sufficiently large number of
certificates as quickly as possible in order to become too big to fail
(see "regulatory capture"), at which point most of the rest of this
application will become irrelevant.

6. CA Contact Information

[email protected]

Technical information about each root certificate

1. Certificate Name

Honest Achmed's Used Cars and Certificates

2. Certificate Issuer Field

Honest Achmed's Used Cars and Certificates

3. Certificate Summary

The purpose of this certificate is to allow Honest Achmed to sell
bucketloads of other certificates and make a lot of money.

4. Root Certificate URL

www.honestachmed.dyndns.org/cert.der

5. SHA1 fingerprint to 10. Signing key parameters

See the certificates.

11. Test website URL - 14. OCSP (OCSP is required for EV enablement)

https://www.honestachmed.dyndns.org /
www.honestachmed.dyndns.org/chain.p7s /
www.honestachmed.dyndns.org/crl.der /
www.honestachmed.dyndns.org/ocsp.asp

15. Requested Trust Bits

All of them of course.  The more trust bits we get, the more certificates
we can sell.

16. SSL Validation Type

All of them.  The more types, the more certificates we can sell.

CA Hierarchy information for each root certificate

1. CA Hierarchy

Honest Achmed plans to authorise certificate issuance by at least, but
not limited to, his cousin Osman, his uncles Mehmet and Iskender, and
possibly his cousin's friend Emin.

2. Sub CAs Operated by 3rd Parties

Honest Achmed's uncles may invite some of their friends to issue
certificates as well, in particular their cousins Refik and Abdi or "RA"
as they're known. Honest Achmed's uncles assure us that their RA can be
trusted, apart from that one time when they lent them the keys to the
car, but that was a one-off that won't happen again.

Verification Policies and Practices

1. Documentation: CP, CPS, and Relying Party Agreements

Honest Achmed promises to studiously verify that payment from anyone
requesting a certificate clears before issuing it (except for his uncles,
who are good for credit).  Achmed guarantees that no certificate will be
issued without payment having been received, as per the old latin proverb
"nil certificati sine lucre".

2. Audits

Achmed's uncles all vouch for the fact that he's honest.  In any case by
the time he's issued enough certificates he'll be regarded as too big to
fail by the browser vendors, so an expensive audit doesn't really matter.

3. SSL Verification Procedures
4. Email Address Verification Procedures
5. Code Signing Subscriber Verification Procedures

See (1).

Response to Mozilla's CA Recommended Practices

Honest Achmed promises to abide by these practices.  If he's found not to
abide by them, he'll claim it was a one-off slip-up in procedures and
that policies have been changed to ensure that it doesn't happen again.
If it does happen again, he'll blame it on one of his uncles or maybe his
cousin, who still owes him some money for getting the car fixed.

Reproducible: Always

You are viewing proxied material from bitreich.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.