9.4 Deciding Between Public and Private Certification Authorities

There are two "flavors" of certification hierarchies that you can use. I'll refer to them as private and public PKI hierarchies. Just as in most decisions, there are benefits and drawbacks to each. I'll briefly discuss these flavors here and show how they will help or hinder you in reaching your goals for your PKI. Later in the chapter, I'll provide more in-depth examinations of each that specifically address the deployment and integration methods for those flavors.

Before we begin, it is helpful to know that the two flavors of PKI?private and public?are not completely isolated. It is possible to integrate a private PKI with other users or organizations, even organizations outside your own company. There are ways to build explicit trusts between organizations, no matter what flavor of PKI is used. These methods are simply more complex than one flavor or the other.

9.4.1 Public Certification Authorities

The criteria for selecting a public certificate authority will vary depending on numerous factors. Some of these factors will help you decide whether to use a public or private CA. Others may help you decide between the many public CAs available if you choose that type of solution.

Cost

Often the driving factor in these decisions is the cost per certificate desired. This depends on many factors, but in general public certification authorities charge per issued certificate and per validity period. They may also charge for customized certificate revocation lists (CRLs). On the surface, this can seem like an expensive option. Private certification authorities have associated headcount and equipment costs that you don't have with a public CA. Many companies would rather outsource such functions and not incur the liability of permanent costs. In such situations, a public certification authority might be a great solution.

Ease of deployment

Does the public certification authority have an integrated solution for delivering certificates to your users? Is there a delay between request and issuance, and if so will that impact your users' ability to perform their jobs? Can the public certification authority deliver their solution into your infrastructure without any security gaps? Can they issue and deploy computer- and role-based certificates without jumping through hoops? If the answers to these questions are yes (or if the questions aren't important to your business need), consider using a public certification authority. However, this is usually the weakest link in this solution's chain and you can expect some holes in this type of deployment.

Alignment of functionality to need

Many certificate configurations are available for different needs, such as different intended uses and different scopes of trust. Most public certification authorities can provide configurations that specifically meet your needs. However, it comes back to the first item in this list?cost.

Security integrity of issuing corporation

Most public certification authorities today will take as much care as your own internal processes require for an equivalent level of security assurance?or more. This has greatly improved over the last few years, when these companies have risen from one-room offices to large infrastructure providers. Depending on your level of interaction and trust with the company you've selected, you should ask for copies of their security plans and tour their facility. Often, these facilities are more secure than data centers at financial institutions and government installations?and almost certainly more secure than yours.

Financial stability of issuing corporation

If the certification authority is not financially self-sufficient, the solution may not be self-sustaining. In other words, if the public CA you use goes out of business, your entire PKI may suddenly stop working. There are numerous large public certification authority companies today that can provide some level of assurance. This should at least help ensure a guaranteed length of time that the CA's certificate revocation list (CRL) will be available, which will prove critical to the ongoing functionality of your infrastructure.

As you can see, several important questions must be answered when determining whether to use a public certification authority with your deployment. Many of the factors in this decision are out of your control, such as the financial condition of the company. However, most of the questions can be answered without compromising anyone's security. Obtain this information and scrutinize it carefully before any decisions are made. Remember that this company will have the private key used to sign every one of your public key certificates and therefore will have a significant level of control over your public key-based security.

9.4.2 Private Certification Authorities

You can use a Windows Server 2003 system to serve as a certification authority. This allows you to create your own certification hierarchy within your company. This provides several benefits, including:

Lower cost

Once a certification authority hierarchy is established within your corporation, the cost per certificate is extremely low. It amounts to the cost of purchasing, configuring, and maintaining the certification hierarchy hardware and software, divided by the number of certificates issued. For example, if your server costs $10,000 to purchase and maintain over three years and it issues 20,000 certificates during that time, your cost per certificate is 50¢.

Flexibility

You can choose to issue certificates for any purpose desired. There is no necessary distinction between certificate issuance methods, types, and purposes. You can, for example, deploy a CA that issues code-signing certificates with no authentication. While not always a great idea, this may be appropriate for your business need.

Ease of deployment

Because the certification authority is internal to your company, the integration to your infrastructure is already done. You have your choice of deployment method rather than relying on the public certification authority's supported method. This can also contribute to the cost, as some deployment mechanisms are less expensive than others. For example, the certificate autoenrollment feature provided by Windows Server 2003 Enterprise Edition can lower the cost of end user certificate distribution to nearly nothing.

Architectural discrimination

When you deploy a private certification authority, you can remove or add authorities or complete layers of authorities as appropriate for your business need. This allows you to remain flexible and change your PKI to match the changes in organization or business direction.

I have already discussed the benefits of a public certification authority and the considerations to weigh when making this decision. You must ask several questions before deciding to use a private certification authority. These include:

Do I trust my internal certificate officers?

Some set of administrators must have the ability to set up and remove certification authorities, issue certificates, manage private key archival, and perform other security-sensitive operations. These administrators are generally referred to as certificate officers. When deciding to use a private certification authority, these officers must be identified within the company. This is important, as all certificate-based security could be compromised by a malicious officer. Normally, a public certification authority will have a set of procedures that provides checks and balances to prevent malicious employees from causing harm in this way.

Are my internal servers physically secure?

As you've read numerous times in this book already, all security starts with physical security. The private key of your root certification authority is only as secure as the physical computer (or media) where it is stored. Internal security usually consists of data center perimeter and intrusion prevention and detection systems and sometimes uses an HSM for protection of private keys. If you cannot provide absolute physical security for this critical data internally, a public certification authority may be worth considering.

How much control over the certification authority do I require?

When using a public CA for certificates, you must realize that it holds the issuing and root CA's private keys. This means the public CA has complete control over all issued certificates, including renewal and revocation. When a private CA is used, you (or some trusted entity in your organization) retain that private key. Of even larger consequence is that the configuration of the CA is determined by the manager of that CA. Any contract for certification services should include stipulations and operating practices to ensure both parties are aware of the operation and parameters of the CA.

How much money do I want to spend?

Obviously comparative shopping is important. This is usually one of the last questions to be asked, as many other questions may be deciding factors themselves. Weighing the full-term cost of using a public versus a private CA can be a lengthy process, but it is critical to ensure the success of the project. Running out of funding in the middle of a deployment may provoke poor decisions midway through the process, which could be disastrous to the integrity of the project.

Ultimately, you will need to make a decision about what kind of certification authority you're going to use. From this book's perspective, I can only go into great detail about implementing a private PKI with Windows Server 2003, as that's the CA that you can install, configure, and manage yourself that's built into the operating system. If you decide to go with a public PKI (covered in the next section), I recommend you still read the private PKI sections after that so you understand what's going on behind the scenes with the CA you've chosen.