© 2009-2023 Strange Loop

After years of operating as “flair” on top of platform root stores and APIs, Chrome now operates an official root program and root store. I helped launch the root store, and this talk explains why Chrome finally did this, how the Web PKI has changed for the better since Chrome was first launched, and how the Chrome Root Program helps us build a better Web PKI in the future. We face new challenges now, including rolling out post-quantum security, and this necessitates a change in how we think about PKI in Chrome: a continued focus on security, but a new focus on simplicity and automation. You’ll walk away learning how certification authorities (CAs) get included in root stores, how to run a modern and compliant CA, and why we think we can improve security by cutting requirements.
I am currently a product manager at Google, adding value to Chrome Security. Despite this, I identify both as an engineer and security researcher. At Google, I work on all things HTTPS and PKI in Chrome. Prior to Google, I cofounded Censys, an attack-surface management security startup. I defended my PhD at the University of Michigan in 2018. My research was based on using Internet-wide scanning to measure how cryptography is used on the Internet. It led to the discovery of the Logjam and DROWN attacks on TLS, and the creation of Censys. I’m also a core contributor to the ZMap open-source project. In 2021, I accidentally started the “Security. Cryptography. Whatever.” podcast with Deirdre Connolly and Thomas Ptacek.