I never read into this, but I always assumed CloudFlare had their own signing rig with an intermediate from DigiCert. Do Root CAs give out intermediate CAs to other parties at all?
Highly unlikely, since Intermediate certs are what actually do all the work. The Root cert is purely a break-glass measure.
That’s true, but I think Let’s Encrypt started as an “independent” intermediate, since it was prohibitively difficult to get Let’s Encrypt in all root stores from the beginning.
The Root CA can sign both third party intermediates and its “own” intermediates. The risk of a third party intermediate not adhering to CAB Forum rules falls on the Root CA, and although they can revoke, this causes bad PR, so even if it could be possible, it might not be the best idea.
I can’t find a source right now, but I think Mozilla made a rule that you can’t sign an intermediate CA for anyone they didn’t approve for their root store. I think I read about it when Certinomis cross-signed StartCom’s new root, which Mozilla then retrospectively decided was against the rules.
In my original mistaken assumption that CloudFlare holds an intermediate from DigiCert, they would be vetted by Mozilla, but CloudFlare would have opted not to operate their own Root CA.
It’s a little more complicated than that. They always used their own Root certs, but IdenTrust cross-signed for a period of time in order to help increase their trust.
To put it bluntly: using a Root CA to sign an Intermediate whose private key is not under your control is a breakdown of the chain of trust.
That depends on what you mean by “used their own Root certs”, because until January 11th 2019, they served a chain up to IdenTrust, not their own ISRG. I think it’s more accurate to say that they always had their own root in place, but chained up to IdenTrust’s root until that date.
I don’t follow. Are you saying that IdenTrust received copies of Let’s Encrypt’s private keys for intermediates Let’s Encrypt Authority X1 and Let’s Encrypt Authority X2 in exchange for cross-signing them? Whether the signature is a cross-signature or the only signature should not matter for the chain of trust, a signature is a signature.
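As an added example (not code from this thread, Let’s Encrypt or IdenTrust), the Go program below builds the arrangement the comment above describes: one intermediate key pair whose public key is certified by the operator’s own root and cross-certified by a second root, so the same leaf chains to whichever root a client trusts, and the cross-signing root never needs the intermediate’s private key. The certificate names, the DNS name example.test and the use of Go’s standard crypto/x509 chain builder are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

var serial int64
// issue signs a certificate for pub with parentKey; a nil parent yields a self-signed root.
func issue(cn string, ca bool, pub any, parent *x509.Certificate, parentKey ed25519.PrivateKey) *x509.Certificate {
	serial++
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if !ca { // leaf: carry a SAN and server-auth EKU so Verify can match DNSName
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{"example.test"}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}
func key() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
// Build mirrors the thread's setup (names assumed): own root (ISRG-like), cross-signing root (IdenTrust-like).
func Build() (rootA, rootB, intByA, intByB, leaf *x509.Certificate) {
	ka, kb, ki, kl := key(), key(), key(), key()
	rootA = issue("Own Root", true, ka.Public(), nil, ka)
	rootB = issue("Cross-signing Root", true, kb.Public(), nil, kb)
	intByA = issue("Authority X1", true, ki.Public(), rootA, ka) // same public key in both certs:
	intByB = issue("Authority X1", true, ki.Public(), rootB, kb) // ki never leaves the operator
	leaf = issue("example.test", false, kl.Public(), intByA, ki)
	return
}
// ChainsTo reports whether leaf validates to root when the server sends the given intermediate.
func ChainsTo(leaf, root, inter *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "example.test"})
	return err == nil
}
```

ChainsTo(leaf, rootA, intByA) and ChainsTo(leaf, rootB, intByB) both succeed, while offering the wrong cross-certificate for the trusted root fails, which is exactly why the served chain mattered until the switch described above.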
Really enjoyed this one and it cleared up some confusion. Thank you for sharing!