It would be easy to believe that the amount of risk posed to the WebPKI by any individual public CA is somehow proportional to the number of active certificates that CA has. This is false, however. In this episode we address this misconception.
**Tim Callan** (00:00.00)
So, Jason, I think there is an assumption that I feel like I see a lot of people making when they talk about public CAs and events and bugs and weaknesses and mis-issuance and things along those lines, that is built into a lot of the discussion, which is that the size of the public CA in terms of the amount of active certificates that it has in the world, the amount that it's used, is somehow proportional to the risk that that public CA poses to the WebPKI. Bigger CAs meaning more issuance, more risk is what you're saying. Correct. And I want to debunk that idea. And I understand why you would think that way because if you think about another software category, that's absolutely the case. Think about, whatever, some SaaS application in a certain category. Right? And I could say, there's three players in this category. I don't wanna pick on real companies, so I'll just make this hypothetical. There's three players and this one has 70% of market and this one has 20% of market and then there's three others that have the remaining 10. Which of those would you think is the worst one to get breached? Well, the one with 70% of the market because the affected footprint is largest. Right? But that's not the way to think about a public CA. I think this is where the common misperception occurs. The way to think about a public CA is every one of them is a doorway, and every doorway is equally capable of giving access regardless of how much it is used.
**Jason Soroko** (01:57.08)
That is a really good point, Tim. It's universal trust per CA.
**Tim Callan** (02:03.00)
It's universal trust per CA, correct. So the impacted footprint, that's a great way to put it, Jay. The impacted footprint is identical because the impacted footprint is the sum totality of the root programs that trust that CA. Now there are actually CAs in the world that are just trusted by some but not all of the major root programs. In those cases, the level of risk is indeed different. Right? If I'm only sitting in one of the major root programs or two of the major root programs, an attack can only affect those devices. But if you're in the four major root programs and the other four minor root programs, or even just the four majors, in terms of doing an attack and having that attack be successful, you have everything you need. And so what are the consequences of this? Right? One consequence of this knowledge is that the amount of security, if you will, reliability and scrutiny needs to be the same for every one of those doorways whether they are frequently used or not.
**Jason Soroko** (03:33.04)
You could have a CA, Tim — thought experiment — that never issued a single cert. Never. And then all of a sudden it issues one cert.
**Tim Callan** (03:47.19)
Misissued. For the wrong domain, to enable a major attack.
**Jason Soroko** (03:55.35)
And it could be a really big deal. It could literally be used by a nation state against its entire population. So I'm gonna add something to what you're saying, Tim, and maybe we don't want to go down this rabbit hole, but it is a rabbit hole we're gonna have to go down. Photosynthesis, as a Merkle Tree Certificate concept — umbrella term — does chop up universal trust. And so in a future podcast, I'd want to discuss with you if that was intentional based on what you're talking about right now.
**Tim Callan** (04:39.60)
Let's definitely put a pin in that one. Fascinating topic. Too big for this episode, but I agree with you. Let's return to that. That is an interesting topic. So I do think that this thinking — sometimes I like to just discuss things as interesting intellectual things. This is an interesting intellectual thing that I think does have consequences, because I think you see again this built-in assumption in a lot of ways that people look at and scrutinize and deal with the WebPKI, where they sort of think like, well, you know, there's a small number, there's a handful of CAs that are doing most of the work. If we can make sure they're okay, we don't have a problem, or we have a problem that's a very limited scale at most. And that's faulty thinking. Every one of them is a door. Every door is equally capable of providing access. And so your hypothetical tiny CA that's not being used very much and your biggest CA in the world, Let's Encrypt, are both equally capable of enabling a man-in-the-middle attack, let's say, if a misissued certificate is obtained by the wrong actor for the wrong domain.
**Jason Soroko** (06:08.76)
True. And that is something that is not really fully thought about by people that way.
**Tim Callan** (06:19.61)
Yeah, that's great. So it's just worth keeping that in mind as you're approaching this ecosystem. And there's lots of subtle ways that we might make decisions differently if we're just bearing in mind that once that universal trust, as you put it — I love that word — is granted, at that point we've absorbed the exact same risk regardless of who it is.
**Jason Soroko** (06:44.80)
The ecosystem of WebPKI, Tim, something you and I have talked about — you have to take it all into account. Because of this universal trust, it means that the whole thing, it all factors in. There are no mutually exclusive parts to the ecosystem when you think about trust as a whole. In other words, you can't think about individual CAs causing risk within the ecosystem. It's the whole thing.
**Tim Callan** (07:09.84)
Yeah, I think that's right, and I think that's valid as well.
**Jason Soroko** (07:13.00)
Great, Tim. Great topic.
**Tim Callan** (07:15.00)
Thanks, Jay. Thank you.