For Ilya! Recently a conversation came up on a Slack I participate in about PKI, Certificate Authorities, mTLS, etc. and how they all fit together. Ilya had been poking around at some Kubernetes stuff and was seeking more information about how the PKI system was set up: where the CA came from, how that applied elsewhere, etc. Some others jumped in and they all began to spew information around. And, while the vast majority of it was correct, there were some miscommunications that led to bad (and wrong) statements. Not to mention there was such a flurry of typing going on that some wires got crossed. Seeking to clear it all up, I wrote a long-form response for him, which I’ve cleaned up a bit for this post.