Comment by mike_hearn

11 years ago

It wasn't done a long time ago because running a CA costs money (which is why they charge for certificates), so whoever signs up to run one is signing up for a money sink with no prospect of direct ROI, potentially for a loooooong time. This new CA is to be run by a non-profit that uses corporate sponsorship rather than being supported by the market; whether that's actually a better model in the long run is I suppose an open question. But lots of other bits of internet infrastructure are funded this way, so perhaps it's no big deal.

There aren't a whole lot of privacy concerns with CAs as long as you use OCSP stapling, so users' browsers aren't hitting up the CA each time they visit a website (Chrome never does this, but other browsers can).

Re: CA compromise. One reason running a CA costs money is that the root store policies imposed by the CA/Browser Forum require (I think!) the usage of a hardware security module which holds the signing keys. This means a compromised CA could issue a bunch of certs for as long as the compromise is active, but in theory it should be hard or impossible to steal the key. Once the hackers are booted out of the CA's network, it goes back to being secure. Of course quite some damage can be done during this time, and that's what things like Certificate Transparency are meant to mediate - they let everyone see what CAs are doing.

> imposed by the CA/Browser Forum require (I think!)

That's something imposed by the audit criteria (WebTrust/ETSI). What you detailed is also why roots are left disconnected from the internet - if you compromise an intermediary, that can be blacklisted as opposed to the entire root.

I'm curious. What's the biggest cost in running a CA? As in, what makes those certs so expensive?

  • Ensuring physical security of CA private keys is expensive. This requires things like sturdy padlocks, closed-circuit security cameras, and up-to-date hardware and software.

    These are the things you pay for when you buy a certificate from a CA. In fact, I would be 100% opposed to obtaining my website's cert from a CA if it were free-of-charge, because I know good physical security is expensive. However, I already trust the EFF and the Umich researchers (and their assurances of physical security), so I'm absolutely happy with obtaining a free certificate from them.

  • .... also, you need multiple people in the organisation, you typically need to write your own infrastructure for vending certs and billing, you need to run OCSP responders and perhaps CRLs so clients can check if the cert was revoked (that can take a lot of bandwidth), then you need support staff because when people are paying, they expect support, etc.

  • Your mileage may vary, but the biggest upfront cost is the WebTrust audit. Certly got quoted $150k for a reasonable root and its subordinates. This is a yearly cost. HSMs are not cheap either, plus you have to host them securely, hire validation staff, etc...