Hacker News new | past | comments | ask | show | jobs | submit login

I'm afraid that was my response. I doubt I'll need them, and I'll re-evaluate if I ever do, but as far as I'm concerned TurkTrust is not a valid CA. Here's how on Windows (you can't delete them, they come back with the next CA update):

IE, Chrome & everything else that uses the OS:

  runas /user:Administrator "mmc certmgr.msc" 
  (might also work as another Admin user if you disabled the real Administrator account)

  Expand "Trusted Root Certification Authorities"

  Double-click on TURKTRUST certificate

  Click "Details" tab and "Edit Properties..." button

  Click "Disable all purposes for this certificate"

  Repeat for each TURKTRUST certificate in turn
FireFox/Thunderbird & everyone else that reinvented the wheel:

   Click "Options" -> "Advanced" and choose the "Encryption" tab

   Click "View Certificates" button

   Choose "Authorities" tab

   Click on each TURKTRUST certificate in turn and press "Delete or Distrust"...
It's ridiculous that there are well over 300 trusted root CA certificates distributed with Windows 7. Does anyone have a minimal set for the Western world? I don't want to trust Turkey, or Korea, or China, implicitly by default - I'll decide who I trust as and when I have to.



Isn't Turkey west enough for you ... Or a great west wall should build. ??


Eh, "western world" is a nebulous term. For example, most people would implicitly refer to Australia as a western country, despite geographically being about as east as Japan (a fully industrialized and modern society).

From my relatively uninformed perspective, I would say that Turkey kind of straddles the line between east and west. They are not a primarily English speaking country, they are not (yet?) in the EU nor would I normally think of them as particularly "Europey" (as I would Switzerland; "Europey" is probably just a measure of how "western Europe" a country is.).

My perspective is probably being influenced by history quite a bit as well: http://en.wikipedia.org/wiki/File:Theodosius_I%27s_empire.pn...


Having just moved from Britain to Singapore, I can tell you that for the people here, Turkey looks very much like a part of Europe.


It's not whether I think Turkey is "West" or "East", it's more than I just don't interact with Turkish websites - so why should I broaden the attack surface of my browser unnecessarily? I realise that the CA -> domain mapping is a poor approximation, but it's the best we've got.


I have a feeling that _firatto is Turkish ("Firat" is a common Turkish name - I know because I'm Turkish!) so he may have taken offense to what you inadvertently implied about Turkey not being part of "The West". :)


Actually, and first of all I believe -want, feel- as a part of mother earth -Gaia- .. And 'west' refers a vision in my mind. Not a geographical place.

Let me explain my offended part: I'm managing some servers on AWS Ireland zone, I have big list firewall rules, not copied and pasted somewhere else, I started all open, and slowly most of China, Taiwan, Korea, Russia ... being blocked -at least SMTP, SMPTS ports- .

I'm sure there're some Turkish people may be involved cyber crime, But most of computer related people I know of is a hard worker, dependable, honest... This is the point of mine being offended..I don't mind not being included in a political society. And sorry for being offended ..:) PLUR.. Peace Love Unity Respect


I don't think he necessarily meant his comment as a slight against the Turkish people, though perhaps he worded it poorly.

What he is saying makes sense if you generalize it too. Most Turkish people probably don't need their browsers to trust certificates from a Panamanian CA, and most Panamanians probably don't need to trust certificates from a Finnish CA. That shouldn't be taken as suggesting anything negative about Panamanians or Finns; it's all about removing trust relationships that are not necessary for users.


My fault for being lazy and using it as a shorthand for "all countries between longitudes 120W and 30E", give or take a few degrees. No offence intended, I just don't live there!


Istanbul is 28°58'E.


Thanks for sharing how to do this on desktops.

My frustration is with mobile devices. Given the huge proliferation of devices incl. idevices in recent years, it's annoying that we do not have the same options.

I just tried looking for a way to disable said CA in iOS and can't find a way to do so. Maybe someone else has figured this out. Halp?


>>I'll decide who I trust as and when I have to.

Check out Convergence, which sounds like exactly what you are looking for. http://convergence.io/index.html




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: