With the emergence of secure network protocols that rely on public-key certification, such as DNSSEC, BGPSEC, and future Internet architectures, ISPs and domain administrators not specialized in certification have been thrust into certificate-signing roles. These so-called conscripted CAs sign a low volume of certificates, but still face the same challenges that plague modern CAs: private signing key security, administrator authentication, and personnel and key management. We propose CA Signing in a Touch-Less Environment (CASTLE), an air-gapped and completely touchless system to enable low-volume, high-security certificate signing in conscripted CAs. We demonstrate that CASTLE’s layered, defense-in-depth approach is technically and practically feasible, and that CASTLE empowers conscripted CAs to overcome challenges that even professional CAs struggle with.
Carnegie Mellon University/ETH Zurich