Podcast
Root Causes 482: Microsoft and PQC
Hosted by
Tim Callan
Chief Compliance Officer
Jason Soroko
Fellow
Original broadcast date
April 2, 2025
In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Microsoft to take and their consequences.
Podcast Transcript
Lightly edited for flow and brevity.
Tim CallanSo Jason, let's talk about Microsoft and post-quantum cryptography (PQC).
Jason SorokoI wanted to, in this podcast, readdress some of the things you and I have talked about before, with regards to very specifically, Microsoft Active Directory Certificate Services, or Microsoft CA. And you and I had had an episode that we recorded right here a while ago about, hey, is MSCA (Microsoft CA) is it going away? Is it not? There have been some accusations of anybody saying that is spreading FUD. Therefore, I think it's worth addressing, what is Microsoft doing with their technology stack? I want to acknowledge the fact that Microsoft has obviously been doing a lot of work with respect to advancing to be able to be post-quantum capable. And they've got a great blog series on that. I think the latest update was just a few weeks ago in December of 2024 and so I wanted to call that out and say, listen to us very carefully on that episode, because a couple things were said. One was, hey, Microsoft, if something I'm saying is incorrect, tell me.
Tim CallanTell me. By the way, always, if you're subject matter expert and I'm mangling what you're saying, just correct me. I've had Chrome do that in the past. And we'll get it right next time.Jason SorokoSo, I think what's important here is let's acknowledge what Microsoft is doing and also what they're not explicitly saying they're doing. That's where I think some question marks and some threads aren't tied up yet. It could just be my lack of knowledge, or I missed something, but let's talk about it. So Microsoft has been talking about PQC more in general, and they have been developing capabilities around using the NIST standards that dropped, which is great. Just like Apple, just like the Signal protocol. They've been working on their own key exchange mechanisms as well. So not surprising for a very, very large technology company. Everybody should be doing that. Totally not surprising that Microsoft is. But my question to Microsoft, and my question to the general industry is, is Microsoft referring to some of their net new technologies that this PQC capability will be implemented in, such as Azure PKI?
Tim CallanWhich seems like an obvious one. It would be pretty amazing if they didn't do it in Azure.Jason SorokoThe issue is I didn't read anything explicitly saying that they were going to refactor MSCA. Now, it would shock me if they didn't, but also wouldn't shock me if they did. So, I just don't know the facts. I don't know about MSCA and post-quantum capability.Tim CallanAnd even if they are, then the next question, which is very important, is on what timeline?Jason SorokoExactly, Tim. Exactly. We've talked about this on our podcast - implementing PQC, in the guts of a productized system is not really as easy as you think, because the problems like the large signature problem, which is just issuance and how Certificate Signing Requests CSRs, work. Can’t really work the same way in the future. And we had Sofia Celi tell us and other guests tell us about, Bas Westerbaan - -Tim CallanBas said they’re all terrible.Jason SorokoTherefore I can see Microsoft deciding, we've got a lot of PQC capability that we've built, but we're not going to put it into MSCA. We're going to let that kind of die on the vine. On the other hand, if they do refactor, it'll be a big refactoring.Tim CallanI think you're right. And then you go, how's that going to fit? I mean, then there's a bunch of questions, like, and if you're at Microsoft, and this is just me speculating, but you've got to consider a lot of things. You've got to consider what's the roadmap trade off? What's the opportunity cost of this? What are the risks? If I put something out there that is broken in some way, that is not reliable, or has security holes, that could be worse. And something like, like MSCA that is so broadly used, like, if you roll out with your new PQC CA, you’re going to have a big footprint very fast, and if it isn't really buttoned up, that could cause a lot of trouble. I mean, this is Microsoft's basic problem anyway. Like take anything they do and multiply it by billions, and even the smallest thing is a high stakes game that could literally cost lives, and so they always have to live in this world. But this is another example of that.
Jason SorokoSo Tim, let's for the sake of argument, say that Microsoft puts their new shiny PQC capabilities into MSCA. It doesn't fix the problems and limitations that MSCA has around visibility to the certificates. As well as it being so ensconced inside of the Microsoft stack and was never really built from the beginning to handle non-domain attached devices as an example.
Those are major, major limitations to Microsoft’s CA. Like if you're in a purely domain attached world, especially 1990s was an era where a lot of people were domain attached, even if you were remote, working through a VPN or something, you're typically attaching to a domain. But that's not, that’s not the way almost anybody works anymore. So it's almost like refactoring MSCA with post-quantum, you're still left with those major limitations. Anyway, food for thought. I could be wrong on all of it. If somebody from Microsoft wants to join us and tell us more.
Tim CallanPlease. Like, if you're watching and knyou ow the answer, you know how to find me. You know how to find Jason. Reach out to one of us. Tell us offline, and we'll report what you said, or come on the show and tell us in your own words. Like, I think this is an important question to a lot of people, Jay, and it does seem to be pretty mysterious at the moment.Jason SorokoI want to address in a final point here on this podcast, why do we bring up MSCA fairly often? It is because - you said it best - it's everywhere. It’s just so ubiquitous. Yes, we are employees of Sectigo. One this podcast, we're not trying to sell and so when we get accused of, you know, or even if it's just, we brush up against somebody accusing us of FUD, it's like no, please understand we're trying to look at things very objectively and we are CA agnostic, both public and private as a company. We're about Certificate Lifecycle Management, and therefore MSCA, because it's in our customer’s environments, and because it's in everybody's environments – almost - it's worth us talking about and speculating about. And therefore I would invite Microsoft to come on here and to tell us more, because it's good learning for all of us.Tim CallanSo, Jay, in the absence of a PQC compatible - let's call it MSCA 2.0 - if you are an IT shop that is using Active Directory certificate services today, what do you do? Do you need to get off it? Do you stick with it on a non-quantum safe level, like, what should these people be thinking about as their path forward in the event that Microsoft doesn't provide them with a compatible product?Jason SorokoI think that's a very important question, and thankfully, Tim, there are flexible options. It has to do with a topic of PKI trust models. We really should be doing a podcast about that alone. Because we talk a lot about PKI and digital certificates, digital identities. One of the topics that we barely ever touch is trust models.
Tim CallanI think that's been on the top list for like five years, and we've never recorded it. So maybe we should.Jason SorokoLet's put it near the top of the list. Trust models, in this case, is the answer. Which is, I don't think there's one right way for anyone. There will be some organizations that really find themselves in a in a world where MSC just doesn't work for them anymore, in the sense that most of their operation is not domain attached. That could be a smaller organization or a new organization. For those, I would say replacement is probably not a bad option, because replacement could get you, you get away from those limitations of being having to be domain attached.Tim CallanIt solves another problem for you.Jason SorokoFor some organizations, larger ones where there's a lot of domain attached devices, MSCA is running and doing exactly what it should, I would say for you, there's two things for you to do. One is, we have episodes in the past, Tim and I will probably flash the references here, but former episodes, where are you sure you have configured your MSCA to be secure because white hats have taught us it's nearly impossible to do so. Not my words. Those are the words of some very smart white hats. But to answer your question, there's a couple options. I don't think you have to rip and replace MSCA. I think that you can augment it with another private CA and there might be a couple reasons you want to do that. You might want to keep that root. MSCA, you want to keep it as your root, root.
Therefore, if you want to do more modern use cases that MSCA cannot do alone, augmenting it with an issuing CA, a modern issuing CA that has been signed, that's a great route, because that's your first step towards phasing out what you're doing with MSCA, or phasing in modern use cases. Fantastic. MSCA augmentation is something that is available to you, and it's due to the flexibility of a PKI trust model. Signing and issuing CA is part of a trust model.
Another thing that I think is a consideration, Tim, is a lot of organizations have implemented MSCA without an HSM. Because for moderate size use cases, it just might not make sense to spend $30,000 to $50,000 and all the complexity that comes with an HSM. Therefore looking at a hosted solution that has a multi-tenant HSM, a private CA, where the keys are basically generated in an offline root with an HSM that is multi-tenant is a great way of dealing with the problem of security related to having keys generated in software and therefore there are reasons for some organizations to consider replacement or changing the trust model again. One way that you and I have talked about as well, a third reason for augmentation is you could eventually just turn the MSCA into being a pure offline root. Therefore, it's not as painful as a full rip and replace, which can be quite difficult, but then it mitigates the risk of security, because that offline root is doing so little, but ultimately providing that root of trust in a more secure way. Therefore it depends on the trust model that makes sense for you.
Tim CallanSo, those are all options, and each of them could be viable depending on your circumstances.Jason SorokoI think every company is going to be different, and it's good to talk to your security vendors, your private CA vendors, about what's available to you. But a lot more is available to you now than ever. One of the sayings you and I have had for years and years is this ain't your grandpa's PKI and the world has moved on. There you go.Stay informed with expert insights
Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!
