Hash: SHA1

I'm really glad you asked this question. It gives me to tell a story I've 
wanted to tell for some time. I know the answer to your question because I've 
done it.

Some years ago, PGP Corporation toyed off and on with the idea of becoming a 
CA. We looked at ways to get there through the side door, like buying the 
assets of some company that was going out of business, and managed to be too 
little, too late.

So after a lot of dithering, we started a project to create a CA from scratch. 
I led the project and it had a budget of US$250K. I code-named the project 
Casablanca. Partially because Casablanca begins and ends with a CA, but mostly 
because I really like the phrase, "I am shocked, shocked that PGP is issuing 
X.509 certificates." 

The process for setting up a CA is straightforward and exacting. You have to 
have physical and logical controls on things, dual-authentication and 
separation of duties on just about everything, but it's straightforward. You 
have to write a lot of documents, create a lot of procedures, and have all of 
that audited. You have to get audited regularly and often as you start out, and 
then the audits taper off after you show that you're running a tight ship. 

The main thing you're looking to do is to pass the WebTrust audit and 
associated practices that the platforms will require you to do. Microsoft has 
the most mature process. They have a set of rules and guidelines. If you follow 
them, you're in. One of those, by the way, is that you have to be a retail CA, 
as opposed to an internal one or a government one. It's best to work with 
Microsoft first, and once you're in their root program move to the others. They 
are fair, disciplined, and helpful. Most of all, once you've gone through all 
that, it's easier to get into the other important root stores.

If you go into this business with the attitude that you're doing a job that 
protects the Internet at large, defends the public trust, and so on, then 
you'll find the requirements completely reasonable and easy to do. 

Now that $250K that I spent got an offline root CA and an intermediate online 
CA. The intermediate was not capable of supporting workloads that would make 
you a major business. You need a data center after that, that supports the 
workloads that your business requires. But of course, you can grow that with 
your customer workload, and you can buy the datacenter space you need.

The costs got split out to about 40% hardware, etc. and 60% people. It does not 
include the people costs of the internal PGP personnel who worked on it. I 
raided part time help from around the company. It took about fourteen months 
from start to end.

PGP bought an existing company, TrustCenter. TrustCenter was the remaining end 
of GeoTrust (spun out Equifax) that Verisign did not buy. The plan was that the 
PGP-branded Casablanca roots would be put into the TrustCenter machinery and 
datacenters, and then you have a major CA. That got interrupted by Symantec 
buying PGP and then buying Verisign. Casablanca is now rolled up into their 
Norton CA business along with Verisign and Thawte, GeoTrust, etc.

There are rumors, which you've read here about how there are lots of 
underhanded obstacles in the way of becoming a CA. My experience is that the 
only underhanded part of the industry is that no one in it dispels the rumors 
that there are underhanded obstacles in your path. This is pretty much the 
first time I have, so I suppose I'm as guilty as anyone else.

Furthermore, there are lots of overblown rumors about the CA/Browser Forum. You 
don't have to be a Forum member to be a CA. If you plan to issue EV 
certificates, you have to follow the EV guidelines which are produced by the 
CA/Browser Forum, but that is because the platforms won't put your EV root in 
their stores unless you do. You don't have to be a member of the Forum to be a 
CA. As a matter of fact, there are a large number of CAs that are not members.

The situation is similar to Internet protocols and the IETF. If you want to 
make routers, you don't have to be a member of the IETF. You *will* have to 
follow IETF documents, but you don't have to participate. Obviously, there are 
advantages in participating, but there are also costs.

I was involved in the CA/Browser Forum for a few years, first with Apple (on 
the browser end) and then with Entrust (on the CA end). I heard the stories 
about how it's a cartel, etc. At PGP, we had no plans to be members because we 
had no interest in being part of a cartel. It was a huge disappointment to be 
there and find out that it isn't a cartel at all, it's a volunteer organization 
that handles lots of the rough edges of web PKI with the same combination of 
spurts of efficiency and spurts of fecklessness that you find in just about any 
organization that tries to get a bunch of organizations with different goals to 
work together.

Presently, the Forum is reorganizing itself for greater transparency and 
participation, which is not going as well as it could, despite lots of good 
ideas. But this is the way of all volunteer organizations, which often merely 
shuffle around the dumb things and smart things they do -- in correcting a dumb 
thing, they correct a smart one, too. There are many things one can criticize 
the Forum for, but it's not the usual things you hear. If you're starting a CA, 
you can deal with the Forum as you think it benefits you most.

The long pole in the tent of setting up a CA is getting your roots in all the 
platforms you need. It's much easier now than it has been in years past, but 
that's the annoying part because every platform has their own rules. As I said, 
start with Microsoft. These days, cross-certification is much harder than it 
was. In the wake of the last few years, most CAs are not interested in 
cross-certifying any more.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

cryptography mailing list

Reply via email to