Podcast May 16, 2025

Root Causes 495: Trust Models and Post Quantum Cryptography

We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).

  • Original Broadcast Date: May 16, 2025

Episode Transcript

Lightly edited for flow and brevity.

  • Tim Callan

    So in an earlier episode, we talked a little bit about trust models, kind of defined them, gave some examples, and you dropped a little thing that we wanted to pick up on, which is trust models and post quantum cryptography.

  • Jason Soroko

    Because we obviously have been living with RSA, ECC based private CAs, public CAs, for an awfully long time.

  • Tim Callan

    Since the inception of all of this.

  • Jason Soroko

    Absolutely. And they're going to live on a long time beyond the PQC era, whatever you want to call that. And a lot of people are like, what do I do? Like, that's just craziness. It's not. In other words, I think there's hope. I think there's, in fact, a lot of hope, and it comes down to PKI trust models coming to save the day for blending legacy roots with modern PQC-capable issuing CAs. I'll give you an example. Let's say you have a Microsoft Active Directory Certificate Services, MSCA private CA, that's been set up and running for years and years. Maybe you set it up really well, and perhaps there's an HSM behind it. That's unfortunately rare, but let's just say that that's the case. It's not necessary, but I'll use it as an example. Did you know you can continue to use that CA in whatever way you're using it for, client authentication in a Microsoft domain attached environment, the certificates get to where they need to go, and you're all happy, but it's perhaps limited, and some of that limitation comes from the fact that you got to be domain attached. And what about iOS devices? Well, I can get an MDM for that. But then the question really also becomes, Tim, well, what about PQC? What happens if my legacy HSM, my legacy private CA, is RSA based completely?

  • Tim Callan

    So I have leaves, I have PQC-enabled leaf certificates, can I attack those? Can I attack the intermediate? Let's say that's PQC. Can I attack the root?

  • Jason Soroko

    Yes. Therefore, I mean, we all know that you can put these devices, and a lot of people do put these devices in very, very limited networked environments. And the thing that you want to put out into the world are the issuing CAs, and so, if you are forced to, you can bestow trust from a classic system to a postquantum private CA. Therefore you could take a legacy MSCA and use it to sign a modern issuing CA that has all the great capabilities and doesn't have all the limitations of MSCA, has certificate lifecycle management visibility, and in the near future, we'll have postquantum capabilities. Fantastic. That means that you can have your cake and eat it too. Now, is it perfect? No, it means you're gonna have to protect that vulnerable RSA based system in ways that you might not have wanted to in the past, but that's good security. People can do that. In other words, make it hard for the bad guy to get there or access that RSA certificate.

  • Tim Callan

    And in doing that, even if you haven't eliminated the risk, at least you've mitigated it, like the attack surface is much smaller.

  • Jason Soroko

    You can make it way smaller. You can throw a whole bunch more monitoring than you did before. You can do all sorts of network segmentations. Heck, you can make it kind of an air gapped Microsoft CA.

  • Tim Callan

    Could make it air gapped, I suppose.

  • Jason Soroko

    You could. And in which case you're really mitigating the risk a lot. Nothing's perfect in cybersecurity. We shouldn't pretend that anyway, but my goodness, if you need it, you can have postquantum capable issuing CAs doing all the modern things you need it to do and not have to get rid of the legacy root that you don't want to get rid of, and that's because of the flexibility of PKI trust models. So from a PQC standpoint, that's why we are now talking a lot more about hybrid PKI trust models, because of the fact that we can have this blend within our hierarchy of trust where the things that are closer to being the issuing CAs are postquantum capable. And my goodness, Tim, you can even add this. You could add a legacy MSCA that's doing its thing today, will continue to do its thing for a long time, perhaps even at some point, be declared operational but insecure. But it just does its thing. Sign another root that's postquantum capable, take it offline and have that offline sign a postquantum issuing CA. Now I'm sure that PKI architects, who really know this stuff, might say, well, there's a lot of complexity in how we do that. The point I'm trying to make is it's possible, and it's possible because of the flexibility of PKI trust models. I think that those of you who are just pulling your hair out trying to think about how I can't, I cannot rip and replace everything in short order for 2030, so what do I do? Well, the answer is not do nothing. The answer is investigate PKI trust models, because a hybrid approach might be the answer for you. And that's, that's the simple answer to this podcast, but please check it out, because I don't hear enough people talking about it.

  • Tim Callan

    I think that's an interesting perspective. I have to say I hadn't thought of it that way before, but I see what you're saying.

  • Jason Soroko

    Check it out, folks. It's interesting.