Free Trial
Contact Us
Podcast

Root Causes 467: Decoupling Public from Private Use Cases

Hosted by
Tim Callan
Tim Callan
Chief Compliance Officer
Jason Soroko
Jason Soroko
Fellow
Original broadcast date
February 12, 2025

The past year has seen a great deal of focus on the use of public TLS certificates where private root certificates are actually the appropriate solution. In this episode we discuss the differences between these two use cases and what IT organizations can do about it.

Podcast Transcript

Lightly edited for flow and brevity.
Tim CallanTim CallanSo Jason, we have talked in this podcast in the past about Chrome's Moving Forward Together site. Where they project their future intentions for the root program and the WebPKI and we focused a lot on shortening certificate lifespans but there's more going on. There's a great deal more going on than that. One of the things that showed up in the October update of Moving Forward Together was a pretty strong statement from Chrome about not using public certificates where the proper use case is private. I think you have some thoughts on that.
Jason SorokoJason SorokoI definitely have some thoughts about it, because I think there's some major implications.
Tim CallanTim CallanI have a few thoughts, too.
Jason SorokoJason SorokoFor sure. In that blog's terms, they trust 2,300 CAs’ certs. In other words, there's 2,300 certs in their root store. Only half of those issue TLS server certificates. So in Google's words, Chrome removing out of scope CAs improve security. First of all. Because they want to get out of the business of trusting things that are like, this is not the scope of Chrome. Like, what are we trusting this for? What they're saying is, all right, we have to focus innovation because people are using publicly trusted certificates in ways that are inappropriate and lead to choke points in certificate agility.
Tim CallanTim CallanAbsolutely. This was one of the big discussion topics and one of the big takeaways of the Bugzilla blood bath. Was that at least subscribers claim or CAs claim that their subscribers claim, I should say that this is a very frequent occurrence.
Jason SorokoJason SorokoSo they want to be able to say, improve support for automation. I'll use my words. Your words. Every certificate should be a managed certificate. If it can't be, chances are it's because it's a publicly trusted certificate being used inappropriately, which should be used in a private CA system. Number two, anything having to do with certificate agility, in terms of promoting innovation for that, because certificates that are being used inappropriately, by definition, have an agility problem. We're just repeating ourselves here. Their words, not mine - There are a whole lot of lowest common denominator problems where you do not have any form of agility and we can't be dragged down by those use cases.

It should not dictate policy. So the decoupling of public and private PKI use cases is what Google is talking about here. There's major implications. So Tim, I'm going to put away my notes, and all I want to do on this podcast right now is talk about maybe a singular use case, which is common. A lot of people use publicly trusted TLS certificates in order to perform client authentication.
Tim CallanTim CallanThat's what I thought you're going with. That's like a real obvious use case.
Jason SorokoJason SorokoSo when we hear about things like shortening certificate lifespans, there are a lot of sys admins and smart people who say, oh my God, we can't do that. I've got non-agile use cases where I can't be flipping these certs every 6 days, 10 days, 45 days.
Tim CallanTim CallanIt's sitting on a laptop that's in the field, or worse, it's on a badge. It’s like you shouldn't be using public certs for that.
Jason SorokoJason SorokoClient authentication is not what publicly trusted certificates are for. You know what you should be using? A private CA. I know why you're not using a private CA. Because it's way easier to get your certificates from a publicly trusted CA. Setting up a private CA back in the day was expensive, risky, required a lot of professional services, and the cost of getting it wrong were catastrophic. Guess what? Things are different.
Tim CallanTim CallanLet's talk about that. You have said on many occasions, don't roll your own crypto. Because you're going to get it wrong. You're going to fail. This is a very high stakes area, and I think a lot of the reason people do this is they want to take your advice to heart and not roll their own crypto. I think it's important to identify that there is a better path forward, which is partner with a PKI specialist technology provider who will do the specialized stuff for you and that wasn't really such a viable idea in - making up a day here, 2009 - but it is today.
Jason SorokoJason SorokoThis today cannot be characterized as the way things private CAs were 20 years ago, 15 years ago, 10 years ago. A lot of innovation has gone into being able to stand up private CAs very quickly, very accurately, removing a lot of the complexity that got you into trouble, and ultimately, being a lot more friendly to your use cases and getting the certs where they need to be. All of those technologies have improved radically. And for those of you saying, oh my God, I can't afford a $50,000 HSM for just a small private CA, that's another area where innovation has happened. Multi-tenant, HSM systems acting as your key generation system, offline routes, which then assign online issuing CAs, all of that used to be a huge amount of work. It's so easy now. I invite you to talk to security vendors like the one I work for, who can stand that up for you really rapidly, so that these small scale but critical authentication systems, maybe you're using those certificates to log into Salesforce. You could use these certs for just about anything for authentication but what Google is telling you is you're gonna have to go private.
Tim CallanTim CallanPart of that message from Chrome is to say, listen, this objection is not going to prevent the reduction of certificate lifespans.
Jason SorokoJason SorokoShortened certificate lifespans are going to happen. I'll go further. If there's revocation needed for key compromise, misissuance, you name it - - If you're using those certificates for client authentication and your argument is, I can't revoke that cert because I can't get access to that cert. That is no longer an excuse. That's what Google is telling you. What I'm offering is, if you feel like your back is up against the wall and the CA vendor community hasn't come up with something, I can tell you that I work for CA vendor that has innovated.
Tim CallanTim CallanDoes have something. Don't accept that. Like, if you're of the belief that there are not solutions in the market to help you with this problem, that is a false belief. If you look for those solutions, you can find them.
Jason SorokoJason SorokoThe features are right. The price is right. That's as far as I'm going to go in terms of the sales show. I think it's important part of the message in that if you feel like it doesn't exist, it does exist. I think that Google has shot the initial pistol shot to sound the warning. Folks, a lot more private CA usage in the future is going to be absolutely necessary. Don't go crying to your old MSCA that's 15 years old and will not survive post-quantum use something modern and it exists. That's part one. You're gonna hear a lot more about this.
Tim CallanTim CallanI think, we need to return to this and deep dive. Think this is a good size to introduce the topic today.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!

Listen on Apple PodcastsListen on SpotifyListen on SoundCloud