that's the point at which you say (reasonably accurately) that the 364 byte thing is written in machine code. it is small enough to manually translate between the binary and asm
Though sometimes the CA needs to know more than just the validation method to determine if a certificate should be revoked, and it's not practical to stuff it all in an extension (e.g. this recent GoDaddy issue which required examining past CAA queries: https://bugzilla.mozilla.org/show_bug.cgi?id=1904748).
In the 2010-2013 era, i did most of my computing over X over ssh on a fast LAN. At the time, YouTube and other video stuff worked fine, and my environment felt as responsive as local computing.
This might be less of an option then you'd think. Android software is often compiled assuming the CPU has comparatively recent instruction set extensions. Older devices, especially lower-end devices (which are more likely to be stuck on older software and more likely to be owned by people without the resources to frequently upgrade), might lack those extensions, making the app unusable. This is not a hypothetical. I've experienced this with FF a couple years ago (and even spent a couple hours trying to figure out how to build from source, but ultimately gave up.)
What extensions other than NEON are you thinking of? Neon was made a CDD requirement for Android 6.0, released on 2015. Even before that it was almost ubiquitous. The last shipping devices in any volume missing NEON were Tegra 2 tablets from 2011.
Different applications can have very different requirements. I've worked on systems which would kill for 5% latency and on systems that would gladly pay 5% for better memory usage.
> This government surveillance has had a measurable chilling effect on Wikipedia users, with research documenting a drop in traffic to Wikipedia articles on sensitive topics, following public revelations about the NSA’s mass surveillance in 2013.
I think their statement is accurate. If they've been accepted into root programs (and it sounds like they have), then the GoDaddy cross-sign is only relevant for older browsers, and even then requires no additional or ongoing actions from GD to keep working.
Is it not dependent on GD keeping upstanding status? If, lets say, they were hacked, and had their status revoked, then the Certainly certs would stop working in some places. That sounds like dependency to me.
In the normal course of events, no. If a CA demonstrates itself to be particularly untrustworthy, the actions most root programs might take (adding restrictions, or removing it from the root store entirely) still rely on those changes getting distributed to users, and if users pick up that update to the root store, they probably picked up the update which added Certainly too.
There are conceivable scenarios where GD doing something (or not doing something) could result in Certainly search no longer validating on some subset of older browsers/clients, but they're quite obscure and unlikely. If you include those scenarios as Certainly having a dependency on GoDaddy, I feel like you would also have to say that Certainly depends on their domain name registrar to not give away their domain out from under them.
Very few people actually manage root programs: Mozilla, Apple, Microsoft, Google, Oracle, and maybe one or two others in smaller niches. Everybody else either uses the platform's store or ships an approximation (the certificate list and some basic constraints, but missing the more complex policies implemented in mozilla::pkix) to Mozilla 's store.
That includes Debian, so probably also Ubuntu. Dunno about Red Hat but it's probably the same.
