On 5/23/25 8:53 PM, John Levine via NANOG wrote:
The point of a private CA is that you know the people whose certificates you're signing.
Yes, it is obvious that is the point of a private CA. But you seem to have misunderstood my (non-hypothetical) example. Consider a web server that is serving up web pages to random people on the Internet completely unaffiliated / unassociated / unknown to the server; e.g. to you and your family. To be able to serve pages over HTTPS to them, a TLS certificate from a public CA that they trust MUST be used. Now assume, for the sake of discussion, that you have multiple such servers and they want to use mTLS to authenticate their identities to each other. -- Maybe it's for SMTP, or IKE, or VoIP, or.... Solution 1 is to re-use the existing TLS certificate & key that they already have for mTLS. Solution 2 is to have separate certificates used for mTLS. You seem to be advocating for solution 2 with the added complexity of a private CA. Solution 2 (or worse if private CA) involves additional configuration, additional complexity, additional certificates & keys to secure, and additional things to break. People are often advised to avoid running their own private CA for some good security reasons. So I maintain that Occam's Razor / Parsimony suggest that solution 1 be used as it's both simpler and has fewer components. -- Grant. . . .