What does the X stand for in the ISRG root subjects?

Hey, I've always been wondering what the X stood for in the ISRG root CA subjects. Most of the other CAs I've seen use G (meaning generation I think) and R (for root) as a convention for naming their CA. ISRG's CA is the first time I've seen the usage of X. For example, take the ISRG Root X1 generation.


Well, I once saw a guess that it stood for X.509, and a Let's Encrypt engineer said that he thought they just based their root's name on DST's naming scheme. I kind of suspect that's just that you need to name certificates something to identify them, and while just a number might work putting a letter in there just makes it sound better and is easier to distinguish from other things.

[Though we have had confusion here in the past from "Let's Encrypt Authority X3" and "DST Root CA X3" both having "X3" in them. I think it'd be real confusing if they named their next root "ISRG Root X3". For instance, you used that phrase in your question, even though it isn't actually the name of a certificate (at least not yet). Maybe we should just name all certificates by a GUID or serial number or something instead of trying to come up with cute names.]


What do you mean here? AFAIK there's currently no certificate called ISRG Root X3.

@petercooperjr Yeah I've also got the feeling that the "X" is based off the "X" in DST Root CA X3.

Using this thread as an opportunity for some historical research, it looks like once upon a time (NotBefore says 1998 but the certificate may have been backdated) a company called Digital Signature Trust Co. created a certificate called DST RootCA X1 (missing space is not a typo). They also created a second root called DST RootCA X2, though I couldn't find as much data about that.

A few years later the company was bought by IdenTrust (it's not clear to me how much of the original Digital Signature Trust Co was retained over the years) and at some point they created a replacement for DST RootCA X1, which was called DST Root CA X3 (which should be well-known to informed Let's Encrypt users).

So it looks like the naming scheme for them was DST Root CA X<n>, where <n> just monotonically increased for newer certificates. And at some point they wanted a space between Root and CA.

Let's Encrypt came to life much later. Assuming no backdating took place, ISRG generated its first production certificate ISRG Root X1 on June 4, 2015. They also created their first intermediate, Let's Encrypt Authority X1 on the same day. Both certificates use the "X1" suffix, which looks to me like they adopted the naming scheme of IdenTrust/Digital Signature Trust for both their root and their intermediate - the X followed by an increasing number, though they did apparently count root and intermediate independently.

IdenTrust cross-signed Let's Encrypt Authority X1 a few months later, on Oct 14 2015 (again, assuming no backdating) [certificate was revoked and reissued 5 days later].

Later on Let's Encrypt/ISRG issued new intermediates, counting up the number - after Let's Encrypt Authority X2 the new names were Let's Encrypt Authority X3 and X4 as backup. [Let's Encrypt Authority X2 was a backup generated together with X1].

Skipping ahead to recent history, Let's Encrypt/ISRG wanted ECDSA certificates too, so they created a new root, maintaining the naming scheme: hence the name ISRG Root X2. This also required new intermediates, but this time LE/ISRG decided to abandon the "X" naming scheme and instead start differentiating by key type: E for ECDSA, R for RSA. Therefore the new intermediates were called "E1" (E2 backup) and "R3" (note that the number hasn't increased here for some reason, so X3 has been replaced by R3 and the backup X4 by R4). [The generation of new RSA intermediates wasn't really related to the ECDSA keys, but fell in a similar timeframe]


In short...
No one knows what the "X" stands for.
But it probably doesn't mark the spot - LOL
[it likely doesn't "stand" for anything at all]

A rose by any other name would still smell as sweet.


Well, assuming the blog isn't backdated either, that looks like the right day to me.

Well, when they announced their plans, they said that they intentionally didn't want the numbers to overlap between the ECDSA and RSA intermediates. That is, I don't think that it's so much that they kept the "3" and just changed the "X" to an "R" in the intermediate name, but that they just started numbering "1" and "2" with the ECDSA intermediates and that by the time they got to the RSA ones "3" was the next available number.

But it's not clear to me why it was important that the numbers not overlap between the new intermediates but it was okay to overlap with the numbers of the previous intermediates. Like I said, having multiple certs with a "3" in the name expire in the same year (which were really different things) while also having a "3" in the current intermediate name has caused people here quite a bit of confusion at times.

Yeah, it may have just been the favorite letter of whoever made that first cert at DST. In 1998, "X" was a part of a lot of "brand" names (I remember ActiveX and DirectX from Microsoft, and I'm pretty sure there were other X-names around from them as well as other vendors then too) and it might have just been the trendy thing to do to stick an "X" in there to make it sound cooler.


Oops, yeah I thought that ISRG Root X3 was a certificate. I probably confused it with another CA name.


Ah, I understand. An X does sound a lot cooler than an R or a G. It could be that.


Yep, it would have been better to start the numbering for the new intermediates at 5! I wish we'd thought of that at the time, could have made some folks' lives a bit easier.


Maybe for the next go 'round...
You can go wild and use two digits!
[like YY for the year it was authorized (or due to expire)]

That's how I name my children:
Child 98
Child 01
Child 02


I'm pretty sure software engineers (at least those of us who have been around a while) have a reflexive negative response to the idea of two-digit years. Maybe just use the One True Date Format of ISO 8601 instead? A random number or GUID might be at least as good, though.

Well, just create a few more new intermediates then and revoke the old ones! That won't cause any problems at all, I'm sure. :wink:


@rg305 may not agree with that. He's cool.


X305 just sounds like some radio station...