A Zero Trust Data-Driven Perspective on PKI Root Stores

Farina, Mauro • Ravalico, Damiano • Trevisan, Martino • Bartoli, Alberto
2025
  • journal article

Journal
IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS
Abstract
Security and privacy on the Internet rely on the Public Key Infrastructure (PKI), which is based on unlimited trust in a set of predefined certification authorities included in the users' root stores. However, the architecture of the PKI is no longer appropriate for the current threat landscape and security principles. Specifically, the implicit and permanent trust given to certification authorities collides with the rising zero trust approach, a cyber-security model that mandates that trust must never be granted implicitly or permanently to any entity. This work offers a zero trust perspective on the PKI and root store composition. Using navigation datasets collected from users' browsers and passive monitors, we analyze their actual needs and identify the portion of root stores that are useful for their activity. We propose several zero trust policies to manage root stores that shrink the large perimeter of trust allowed by commercial root stores. Our experiments show that less than half of the root certificates included in the Mozilla root store are indeed used for navigation, while only 14 cover 99% of the traffic of our users. Moreover, implementing such policies requires little effort for a company, providing a practical way for managing root stores with up-to-date security principles.
DOI
10.1109/jsac.2025.3560006
WOS
WOS:001499693800001
Archive
https://hdl.handle.net/11368/3110664
info:eu-repo/semantics/altIdentifier/scopus/2-s2.0-105002769522
https://ieeexplore.ieee.org/document/10963977
Rights
closed access
license: publisher copyright
license uri:iris.pri02
FVG url
https://arts.units.it/request-item?handle=11368/3110664
Subjects
  • Certification Authori...
  • HTTPS
  • Internet Measurement
  • PKI
  • Zero Trust
