-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm really glad you asked this question. It gives me a chance to tell a story I've
wanted to tell for some time. I know the answer to your question because I've 
done it.

Some years ago, PGP Corporation toyed off and on with the idea of becoming a 
CA. We looked at ways to get there through the side door, like buying the 
assets of some company that was going out of business, and managed to be too 
little, too late.

So after a lot of dithering, we started a project to create a CA from scratch. 
I led the project and it had a budget of US$250K. I code-named the project 
Casablanca. Partially because Casablanca begins and ends with a CA, but mostly 
because I really like the phrase, "I am shocked, shocked that PGP is issuing 
X.509 certificates." 

The process for setting up a CA is straightforward and exacting. You have to 
have physical and logical controls on things, dual-authentication and 
separation of duties on just about everything, but it's straightforward. You 
have to write a lot of documents, create a lot of procedures, and have all of 
that audited. You have to get audited regularly and often as you start out, and 
then the audits taper off after you show that you're running a tight ship. 

The main thing you're looking to do is to pass the WebTrust audit and 
associated practices that the platforms will require you to do. Microsoft has 
the most mature process. They have a set of rules and guidelines. If you follow 
them, you're in. One of those, by the way, is that you have to be a retail CA, 
as opposed to an internal one or a government one. It's best to work with 
Microsoft first, and once you're in their root program move to the others. They 
are fair, disciplined, and helpful. Most of all, once you've gone through all 
that, it's easier to get into the other important root stores.

If you go into this business with the attitude that you're doing a job that 
protects the Internet at large, defends the public trust, and so on, then 
you'll find the requirements completely reasonable and easy to do. 

Now that $250K that I spent got an offline root CA and an intermediate online 
CA. The intermediate was not capable of supporting workloads that would make 
you a major business. You need a data center after that, that supports the 
workloads that your business requires. But of course, you can grow that with 
your customer workload, and you can buy the datacenter space you need.

The costs got split out to about 40% hardware, etc. and 60% people. It does not 
include the people costs of the internal PGP personnel who worked on it. I 
raided part time help from around the company. It took about fourteen months 
from start to end.

PGP bought an existing company, TrustCenter. TrustCenter was the remaining end 
of GeoTrust (spun out of Equifax) that Verisign did not buy. The plan was that the
PGP-branded Casablanca roots would be put into the TrustCenter machinery and 
datacenters, and then you have a major CA. That got interrupted by Symantec 
buying PGP and then buying Verisign. Casablanca is now rolled up into their 
Norton CA business along with Verisign and Thawte, GeoTrust, etc.

There are rumors, which you've read here, about how there are lots of
underhanded obstacles in the way of becoming a CA. My experience is that the 
only underhanded part of the industry is that no one in it dispels the rumors 
that there are underhanded obstacles in your path. This is pretty much the 
first time I have, so I suppose I'm as guilty as anyone else.

Furthermore, there are lots of overblown rumors about the CA/Browser Forum. You 
don't have to be a Forum member to be a CA. If you plan to issue EV 
certificates, you have to follow the EV guidelines which are produced by the 
CA/Browser Forum, but that is because the platforms won't put your EV root in 
their stores unless you do. You don't have to be a member of the Forum to be a 
CA. As a matter of fact, there are a large number of CAs that are not members.

The situation is similar to Internet protocols and the IETF. If you want to 
make routers, you don't have to be a member of the IETF. You *will* have to 
follow IETF documents, but you don't have to participate. Obviously, there are 
advantages in participating, but there are also costs.

I was involved in the CA/Browser Forum for a few years, first with Apple (on 
the browser end) and then with Entrust (on the CA end). I heard the stories 
about how it's a cartel, etc. At PGP, we had no plans to be members because we 
had no interest in being part of a cartel. It was a huge disappointment to be 
there and find out that it isn't a cartel at all, it's a volunteer organization 
that handles lots of the rough edges of web PKI with the same combination of 
spurts of efficiency and spurts of fecklessness that you find in just about any 
organization that tries to get a bunch of organizations with different goals to 
work together.

Presently, the Forum is reorganizing itself for greater transparency and 
participation, which is not going as well as it could, despite lots of good 
ideas. But this is the way of all volunteer organizations, which often merely 
shuffle around the dumb things and smart things they do -- in correcting a dumb 
thing, they correct a smart one, too. There are many things one can criticize 
the Forum for, but it's not the usual things you hear. If you're starting a CA, 
you can deal with the Forum as you think it benefits you most.

The long pole in the tent of setting up a CA is getting your roots in all the 
platforms you need. It's much easier now than it has been in years past, but 
that's the annoying part because every platform has their own rules. As I said, 
start with Microsoft. These days, cross-certification is much harder than it 
was. In the wake of the last few years, most CAs are not interested in 
cross-certifying any more.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFQ6IImsTedWZOD3gYRAoUfAKDaIbRMkcJ/BsBsBvsL2juv8Ip88ACgu3zx
9d+6LZUy2RMSiB8hfn44EHA=
=G5aJ
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography