Understanding the first imperative of a commercial Certificate Authority
A lot of things about how the CA business operates and what CAs do are puzzling from the outside, and may even lead people to wonder how exactly a CA could ever do some particular crazy thing. I've come to feel that we can understand a lot of it by recognizing that the first imperative of a commercial CA is to sell TLS certificates, no matter what that requires.
(This is different from the CA's first job of having its root certificates included in all of the browsers, which these days absolutely must include iOS and Android.)
There are well-intentioned people at many commercial CAs who care about the overall security and health of the TLS ecosystem, and some of them hold some degree of power in their respective organizations. But they cannot change the overall nature of the beast that is a commercial CA, because being commercial means that it must make a profit somehow, and that means selling certificates (and in order to grow, it must sell more certificates, or more expensive certificates, or both).
One important consequence of this is that commercial CAs are fairly highly motivated to push the edges of trust and security, especially today (given Let's Encrypt's increasing domination). Sure, their good employees have pushed back and will push back to the extent that they can, but that can only go so far. As we've seen over and over with email spam, sooner or later the people on the side of money win those arguments, and the only real limit is the increased willingness of browsers to kick CAs to the curb. So we shouldn't be at all surprised when CAs do bad stuff, especially now. One extremely cynical view of this dynamic is that commercial CAs don't really want to securely validate things, they want to find some excuse to take your money and give you some magic bits. If they can make that excuse be secure, that's great, but it's not the most important thing.
(Although I can't find the details now, I believe there was a CA that was accepting emailed 'scans' of 'official documents' from would-be customers as proof of control of domains. This seems obviously crazy from the outside.)
Another cynical way to look at the current situation is that a commercial CA's only remaining natural market is people who can't use Let's Encrypt certificates. Sometimes this will be people who can't deal with short duration certificates, but at least some of the time it's going to be people who can't pass LE's checks for some reason, probably a good reason. Commercial CAs are quite motivated to find some way to give them a certificate anyway.
(Commercial CAs also have a legacy market in people who either haven't heard of Let's Encrypt or don't understand it, but that market is going to shrink over time. We can probably expect commercial CAs to work hard with FUD to keep these people ignorant and in the fold.)
Next, no commercial CA is going to propose or support anything that cuts its own throat, no matter how good for security it would be. There are some motives for supporting measures that wind up increasing your operational costs (if this is somehow a benefit to you over your competition), but there are limits, and CAs may be hitting them. Commercial CAs are also likely to try to persuade browsers to do things that help out EV certificates, and they're probably going to do a lot of that persuasion in public in order to apply greater pressure.
This shades into another obvious but sad consequence, which is that commercial CAs have a strong motive for encouraging ignorance, superstition, and FUD, especially over things like EV certificates (see Troy Hunt tearing apart some recent CA marketing FUD, for example). If people with money don't understand that they can just get a DV TLS certificate from Let's Encrypt and that it's just as good as an EV cert (see also), you have a chance to sell them your version of this commodity.
One conclusion I draw from this is that CAs are likely to refuse to drop the maximum certificate validity period very low, because relatively long-lived certificates are one area where they have something that Let's Encrypt doesn't.
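Certificate lifetime is something you can audit in your own inventory rather than take on faith from the issuer. The following is an added example, not code from this post or from any CA: a stdlib-only Python check that walks just enough DER to reach `tbsCertificate.validity`, reports the lifetime in days, and flags anything above a ceiling you choose. The `max_days` default of 398 is the ceiling browsers have enforced for publicly trusted certificates since 2020; adjust it to whatever policy you track. The sample certificate is a constructed skeleton (empty names, placeholder key and signature), built here only so the parser has something to run on offline.

```python
"""Minimal X.509 validity-period screen (added example, stdlib only)."""
import datetime as dt


# --- tiny DER helpers; the encoder exists only to build the constructed sample ---
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der(tag: int, payload: bytes) -> bytes:
    """Encode one TLV element."""
    return bytes([tag]) + _der_len(len(payload)) + payload


def _read_tlv(buf: bytes, pos: int):
    """Decode one TLV at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def _children(payload: bytes):
    out, pos = [], 0
    while pos < len(payload):
        tag, val, pos = _read_tlv(payload, pos)
        out.append((tag, val))
    return out


def _parse_time(tag: int, val: bytes) -> dt.datetime:
    s = val.decode("ascii")
    if tag == 0x17:                        # UTCTime: YYMMDDHHMMSSZ
        yy = int(s[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy   # RFC 5280 two-digit year rule
        s = f"{year}{s[2:]}"
    elif tag != 0x18:                      # GeneralizedTime: YYYYMMDDHHMMSSZ
        raise ValueError(f"unexpected time tag {tag:#x}")
    return dt.datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=dt.timezone.utc)


def validity(cert_der: bytes):
    """Return (notBefore, notAfter) from a DER-encoded Certificate."""
    tag, cert_body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tbs_tag, tbs, _ = _read_tlv(cert_body, 0)
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate missing")
    fields = _children(tbs)
    if fields and fields[0][0] == 0xA0:    # optional [0] EXPLICIT version
        fields = fields[1:]
    # remaining order: serialNumber, signature, issuer, validity, subject, ...
    validity_tag, validity_val = fields[3]
    if validity_tag != 0x30:
        raise ValueError("validity missing")
    (t1, v1), (t2, v2) = _children(validity_val)
    return _parse_time(t1, v1), _parse_time(t2, v2)


def lifetime_days(cert_der: bytes) -> int:
    not_before, not_after = validity(cert_der)
    return (not_after - not_before).days


def exceeds_max(cert_der: bytes, max_days: int = 398) -> bool:
    """True when the certificate lives longer than the policy ceiling."""
    return lifetime_days(cert_der) > max_days


# sha256WithRSAEncryption, 1.2.840.113549.1.1.11
_SHA256_RSA = der(0x30, der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))


def build_sample_cert(not_before: str, not_after: str) -> bytes:
    """Constructed skeleton certificate (not a real one): just enough for validity()."""
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                 # version v3
              + der(0x02, b"\x01")                          # serialNumber 1
              + _SHA256_RSA                                 # signature algorithm
              + der(0x30, b"")                              # issuer (empty Name in the sample)
              + der(0x30, der(0x17, not_before.encode())    # validity, UTCTime pair
                    + der(0x17, not_after.encode()))
              + der(0x30, b"")                              # subject (empty in the sample)
              + der(0x30, b""))                             # subjectPublicKeyInfo placeholder
    return der(0x30, tbs + _SHA256_RSA + der(0x03, b"\x00"))  # placeholder signature


if __name__ == "__main__":
    for label, cert in (("one-year", build_sample_cert("240101000000Z", "250101000000Z")),
                        ("two-year", build_sample_cert("240101000000Z", "260101000000Z"))):
        print(label, lifetime_days(cert), "days, over ceiling:", exceeds_max(cert))
```

For real certificates, feed `validity()` the DER bytes from a PEM file (strip the `-----BEGIN/END-----` armour and base64-decode) or from `ssl.SSLSocket.getpeercert(binary_form=True)`. The parser deliberately stops at the validity field, so it will not choke on extensions or key types it does not understand.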
(I've probably said some variant of this in past entries, but I haven't written it up as a full entry. For various reasons I feel like doing it today.)
Immediate post-publication update: See Digicert withdrawing from the CA Security Council and the HN comments on it, especially this discussion of the background of the CASC and so on.