Certificates, Keys, and Trust: The World of PKI and mTLS.

Show notes

Key Discussion Points:

  • Ben and Chris discuss their motivation for starting Anchor, stemming from frustrating experiences with certificate management and outages caused by expired certs throughout their careers.
  • The evolution of web cryptography is covered, from the early days of SSL to the modern era ushered in by events like the Firesheep exploit, Heartbleed vulnerability, and the emergence of Let's Encrypt.
  • Ben and Chris explain the benefits of using an internal PKI and private CAs rather than public CAs for back-end infrastructure. Private CAs enable shorter certificate lifetimes, protect information about internal infrastructure, and allow customized issuance flows.
  • To help improve the developer experience with local TLS, Anchor launched lcl.host which provides an easy workflow for developers to use real certificates during local development.
  • Security best practices are discussed, including using name constraints to limit certificate scope, employing a multi-layered security approach, practicing key rotation and disaster recovery scenarios.
  • Advice is given for teams new to PKI and MTLS, emphasizing the importance of hands-on experimentation in dev environments to build understanding.

https://lcl.host/

New comment

Your name or nickname, will be shown publicly
At least 10 characters long
By submitting your comment you agree that the content of the field "Name or nickname" will be stored and shown publicly next to your comment. Using your real name is optional.