Server root certificate selection policy (informative)

Introduction

This informative annex describes the policy that is adopted by the DTG in the selection of root certificates for inclusion in Terminals compliant with D-Book 8 Annex K. The list is published on the DTG website at dtg.org.uk/work/DBook_Resources/20170629_tls_root_certificates.xlsx.

Background

  • There are over 150 root certificates in web browsers at the time of publication.
    • This list changes frequently over time.
    • The larger the list of root certificates the more likely it is to change.
  • The security of TLS against man-in-the-middle attacks is dependent on the weakest root certificate trusted by a Terminal.
  • The security of various key lengths changes with time as computing power increases. Specifically 1024 bit RSA keys may no longer be used.
  • Service providers need to know which root certificates are trusted by Terminals to achieve interoperability.
  • Service providers are often not in control of the servers delivering their content (e.g. delivery via a CDN).
  • Service providers may also wish to make use of third party web services that are not under their control.
  • The DTG does not have the resources to maintain an independent list of root certificates that are validated.

Policy

  • The DTG have selected the Mozilla list of approved root certificates as the authoritative source for the DTG mandatory and optional list. This was chosen because:
    • The approved root certificate list is publicly available.
    • The process for inclusion in the list is open.
    • Anyone can take part in the acceptance process.
    • The acceptance process itself happens in public.
    • Metadata is provided to differentiate root certificates for web server authentication, e-mail and code signing,
    • The procedure for requesting a root certificate for inclusion in the list requires a test website be provided which uses that certificate.
  • The Mozilla list of approved root certificates is published on their website at https://wiki.mozilla.org/CA:IncludedCAs/. Each certificate marked as approved for web server authentication is automatically an optional root certificate as specified in D-Book 8 section K.3.1.3.
  • The DTG will rely upon the Mozilla list for verifying the trustworthiness of Certificate Authorities.
  • There may be caveats for some of the certificates and implementers should apply any limitations that are published by Mozilla.
  • The DTG will maintain a list of root certificates that are mandatory which will be a subset of the certificates specified above.
    • The list will be updated periodically.
    • The list will only include certificates that contain RSA public keys of 2048 or more bits, or ECC public keys.
    • The DTG will determine the mandatory list of certificates based on the requirements of service providers and the Certificate Authorities that are in widespread use.
    • The DTG will rely upon published statistics to determine how widespread a Certificate Authority is. [See note]
    • The DTG may exclude Certificate Authorities from the mandatory list if they impose requirements that are deemed unreasonable.
    • The DTG shall maintain and publish a revision history of changes to the mandatory list.
    • When the DTG determines that a certificate that is on the mandatory list should be removed as per this policy (e.g. due to falling out of widespread use), this will be announced when the list is next updated and the removal will occur the subsequent time the list updated (if the certificate is still deemed to be removed). This does not apply when the certificate has been removed from the optional list as well.
    • Note that removal from the mandatory list does not necessarily imply that a certificate has also been removed from the optional list.
  • This policy may be reviewed if the underlying Mozilla root certificates policy changes materially.
  • This policy is subject to change.

Note: It is at the discretion of the DTG to determine what constitutes widespread use.