7

I am looking for the pros and cons of outsourcing an organization's Public Key Infrastructure (PKI). I understand that the answer to whether or not to actually outsource is going to depend on the environment and the organization. What are the risks associated with outsourcing PKI, and are there any technical gotchas with regard to outsourced PKI?

AviD
sdanelson

3 Answers

4

One of the key risks I have come up against when working with banks outsourcing their PKI is the protection of the root certificate. If you are relying on your PKI to protect something which is business critical you really want your PKI provider to assure you of the security around the root certificate.

There are a few providers who really work hard at this, using many mechanisms to help persuade clients to use them. From experience, I include in this pressure plates, retina scanners, dual synchronised keys, man traps, video coverage of root access, partial access granted to the provider, and part to you - pretty much everything you'd expect from an evil genius in a James Bond film.

Another issue is around connectivity - if you use the PKI for real time services, loss of connectivity to the provider will cause a Denial of Service. Make sure they have resilient links to you, and to your customers or other users.

Rory Alsop
  • Can you provide some examples of real time services where loss of connectivity to the provider would cause a DoS? – sdanelson Dec 20 '10 at 00:00
  • In any case where the certificate chain needs to be validated up to the root. If you can't access the root, you can't validate. If you can't validate, you (hopefully) can't be authenticated. – Steve Dec 20 '10 at 17:19
3

The big pro of outsourcing the PKI is that you then do not have to do it yourself. Maintaining a PKI is complex, hence expensive; a specialized entity may mutualize costs over several hosted PKIs.

The big costs associated with maintaining a PKI are:

  • Physical hosting: at least the root CA must be in a physically secure room, and should preferably use a Hardware Security Module, which is not the cheapest piece of hardware ever. Office space for the room, video cameras, guards, ill-tempered dogs... imply high recurring costs. Remember that the root key of a PKI concentrates the needs for security (that's how cryptography works: security of the key is extended into security of the whole), so this is a very high value target for attackers.

  • Management procedures: the PKI is, by nature, a system to bind public keys to physical identities. This implies, for each certificate enrolment, running a procedure by which the requester is physically identified (with whatever notion of identity is relevant to your situation). This necessarily involves some non-computer elements, e.g. interactions between human beings. Employees are expensive. Also, most operations involving a PKI need to be organized in a way which ensures security and accountability, e.g. key ceremonies. Simply defining these procedures and writing them down is hard work.

  • Legal deployment: certificates may have a legal value, and in many cases are being envisioned precisely because of that legal value (e.g. as a way to replace handwritten signatures with digital signatures, to achieve a paperless process). Knowing what to do to get the legal value is a highly technical subject -- in the "lawyer job" sense. In some jurisdictions, Common Criteria evaluations are needed.

So my advice would be to outsource "by default". The complexity inherent to a secure PKI ("secure" in both cryptographic and legal senses) is almost always widely underestimated.

Thomas Pornin
1

PKI infrastructure could help you out there.

I'm not exactly sure what your requirements are, but you could insist on generating a root certificate for say 10-20 years, and publish your CRLs for clients, and then generate key-signing "sub CAs" for delegating specific key-signing tasks with specific limitations on the key signing, such as key length, type of keys to sign, maximum period of time, etc. (check out x509 details).

That way, via delegation, the onus is on you to protect the root CA, and if at any time you want to revoke delegation, you can publish CRLs for the delegated CAs.

Now, you have ultimate control, and you could set up an offline root CA, and only the certificate chains and public root CA need to be published.

This way, they can still perform their outsourced work, but you retain control over the keys to the castle, so to speak.

Troy Rose
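The delegation pattern described in the answer above (a long-lived offline root, constrained sub-CAs for the outsourced operator, and a root-issued CRL to withdraw the delegation), as an added worked example that is not code from the original post or from any of its authors. It is a POSIX shell script driving the openssl command-line tool (1.1.1 or newer). Everything in it is constructed for the demonstration: the names (Example Offline Root, Example Issuing Sub-CA, www.example.test), the directory layout, the lifetimes (20 years, 5 years, 1 year) and the two limits placed on the sub-CA, `pathlen:0` (it may not create further CAs) and a name constraint to `example.test` (it may only certify names in that namespace). The script builds the hierarchy, verifies the leaf with full-chain revocation checking, then revokes the sub-CA through the root's CRL and shows the same leaf being rejected.

```shell
#!/bin/sh
# Added example (not from the original post): 20-year offline root -> constrained
# sub-CA -> leaf, then withdrawal of the delegation via the root's CRL. All names,
# paths, lifetimes and constraints are constructed; needs only the openssl CLI.
set -eu

# Minimal config letting 'openssl ca' keep a database and issue CRLs for the CA in
# $1 ($1/ca.key, $1/ca.pem); also carries the req and certificate-extension sections.
write_ca_cnf() {
    cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo
[ demo ]
dir = $1
database = \$dir/index.txt
new_certs_dir = \$dir
serial = \$dir/serial
crlnumber = \$dir/crlnumber
private_key = \$dir/ca.key
certificate = \$dir/ca.pem
default_md = sha256
default_crl_days = 30
crl_extensions = crl_ext
[ crl_ext ]
authorityKeyIdentifier = keyid:always
[ root_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ sub_ca ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
nameConstraints = critical,permitted;DNS:example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ leaf ]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF
    : > "$1/index.txt"; echo 1000 > "$1/serial"; echo 1000 > "$1/crlnumber"
}

# Key, CSR and signed certificate for prefix $1 with subject $2, using config $3,
# extension section $4, lifetime $5 days, signed by CA prefix $6 (or "self").
issue() {
    openssl req -new -config "$3" -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "$2" 2>/dev/null
    if [ "$6" = self ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days "$5" -sha256 \
            -extfile "$3" -extensions "$4" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$6.pem" -CAkey "$6.key" -CAcreateserial \
            -days "$5" -sha256 -extfile "$3" -extensions "$4" -out "$1.pem" 2>/dev/null
    fi
}

# Build root -> sub-CA -> leaf under $1 and publish an (empty) CRL from each CA.
build_pki() {
    r="$1/root"; s="$1/sub"
    mkdir -p "$r" "$s"; write_ca_cnf "$r"; write_ca_cnf "$s"
    issue "$r/ca" "/CN=Example Offline Root" "$r/ca.cnf" root_ca 7300 self
    issue "$s/ca" "/CN=Example Issuing Sub-CA" "$r/ca.cnf" sub_ca 1825 "$r/ca"
    issue "$1/leaf" "/CN=www.example.test" "$s/ca.cnf" leaf 365 "$s/ca"
    openssl ca -config "$r/ca.cnf" -gencrl -out "$r/ca.crl" 2>/dev/null
    openssl ca -config "$s/ca.cnf" -gencrl -out "$s/ca.crl" 2>/dev/null
}

# Validate leaf.pem up to the root; "crl" as $2 also checks revocation for every
# certificate in the chain. Exit status is 0 only if the chain is accepted.
verify_leaf() {
    if [ "${2:-}" = crl ]; then
        cat "$1/root/ca.crl" "$1/sub/ca.crl" > "$1/all.crl"
        openssl verify -crl_check_all -CRLfile "$1/all.crl" -CAfile "$1/root/ca.pem" \
            -untrusted "$1/sub/ca.pem" "$1/leaf.pem"
    else
        openssl verify -CAfile "$1/root/ca.pem" -untrusted "$1/sub/ca.pem" "$1/leaf.pem"
    fi
}

# Withdraw the delegation: the root revokes the sub-CA and republishes its CRL.
revoke_sub_ca() {
    openssl ca -config "$1/root/ca.cnf" -revoke "$1/sub/ca.pem" 2>/dev/null
    openssl ca -config "$1/root/ca.cnf" -gencrl -out "$1/root/ca.crl" 2>/dev/null
}

DEMO="$(mktemp -d)"
build_pki "$DEMO"
verify_leaf "$DEMO" crl
revoke_sub_ca "$DEMO"
verify_leaf "$DEMO" crl || echo "leaf rejected after sub-CA revocation (expected)"
```

Run it as `sh pki_demo.sh`; the first `openssl verify` prints `leaf.pem: OK`, the second fails with `certificate revoked` at depth 1 (the sub-CA). The point for the outsourcing decision: the operator only ever holds `sub/ca.key`, whose reach is bounded by the constraints the root put into the sub-CA certificate, while `root/ca.key` stays offline and the root CRL is the lever that ends the delegation. In a live deployment that CRL has to be fetchable by relying parties from a distribution point, which is exactly the connectivity dependency Rory Alsop's answer warns about.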