Cultivating new practices and policy for a more secure and reliable web
We view the adoption of MTCs and a quantum-resistant root store as a critical opportunity to ensure the robustness of the foundation of today’s ecosystem. By designing for the specific demands of a modern, agile, internet, we can accelerate the adoption of post-quantum resilience for all web users.
We expect this modern foundation for TLS to evolve beyond current ecosystem norms and emphasize themes of security, simplicity, predictability, transparency and resilience. These properties might be expressed by:
- Grounding our approach in first principles, prioritizing only elements essential for establishing a secure connection between a server and a client.
- Utilizing ACME-only workflows to reduce complexity and ensure the cryptographic agility required to respond to future threats across the entire ecosystem.
- Upgrading to a modern framework for communicating revocation status. This allows for the replacement of legacy CRLs and streamlined requirements to focus only on key compromise events.
- Exploring “reproducible” Domain Control Validation to create a model where proofs of domain control are publicly and persistently available, empowering any party to independently verify the legitimacy of a validation (i.e., serve as a “DCV Monitor”).
- Enhancing the CA inclusion model to prioritize proven operational excellence. By establishing a pathway where prospective MTC CA Owners can first demonstrate their reliability as Mirroring Cosigners and DCV Monitors, we ensure that acceptance is based on verified performance and a reliable track record.
- Evolving the third-party oversight model to prioritize complete, continuous, and externally verifiable monitoring. This shift would focus on ensuring a high standard of transparency and consistency, providing immediate and reliable insights into performance that can replace the function of annual third-party audits.
To secure the future of the web, we are dedicating our operational resources to two vital parallel tracks. First, we remain fully committed to supporting our current CA partners in the Chrome Root Store, facilitating root rotations to ensure existing non-quantum-resistant hierarchies remain robust and conformant with the Chrome Root Program Policy. Simultaneously, we are focused on building a secure future by developing and launching the infrastructure required to support MTCs and their default use in Chrome. We also expect to support “traditional” X.509 certificates with quantum-resistant algorithms for use only in private PKIs (i.e., those not included in the Chrome Root Store) later this year.
As we execute and refine our work on MTCs, we look forward to sharing a concrete policy framework for a quantum-resistant root store with the community, and are excited to learn and define clear pathways for organizations to operate as Chrome-trusted MTC CAs.
