10

Is there any real reason to use a 3rd party Certificate Authority for your own email security?

( meaning using S/MIME )

I found I am able to become my own CAuthority and create my own self-signed root certificates...and they work just fine installed on my machines and mobile devices.

Is there a compelling reason to use a 3rd party's paid certificates instead of my own self-generated and signed ones that I control?

I keep thinking - the person or entity I most trust with the authority of my validated encrypted emails... is ME!... why would I let an additional un-verifiable by me entity into that chain of communication? - if who Im sending emails to is others who know me and trust that its me..? and why would I PAY them?

I can understand if the communication is between my commercial website and unknown outside individuals who don't know me and are transacting money... but for personal email? between family and well known friends or co-wokers?

Is there something else I don't understand about public-private key encryption that makes having a validated big 3rd party give me the certificates worth paying for?

I understand the need for SSL 3rd party verify when dealing with commerce on websites or trusting websites with your secure connectivity. But between individuals? it seems different...individuals that you know personally even more different. No?

tbarbe
  • 1,299
  • 2
  • 15
  • 22
  • 1
    If only you are going to use it you can add the certificate to the machine. – Rui Lima Aug 16 '12 at 22:20
  • yea the private key side is ONLY for me... and Im personally adding it to the machines that I use.. no one else has access to those machines and they are bolted quite well already. So why use a 3rd party? By introducing another agency...I feel like theres actually MORE risk added... didn't Comodo or whomever get compromised? I don't know these people...I can't verify their validity or who they are even! How do I know theres not someone inside just cracking open whatever I send? – tbarbe Aug 16 '12 at 22:37
  • I believe MS Outlook only accept trusted certificates. – MrCalvin Aug 31 '18 at 12:32

5 Answers5

10

The only reason to use an external CA is so that there's a shared trust root between you and another party. If you control all the machines such as in a domain, then there's no reason at all you can't use your own CA. We have our own domain CA for Exchange. It's actually a lot easier than an external CA because the servers and clients will get the CA certs automatically.

cirrus
  • 5,624
  • 8
  • 44
  • 62
  • but what about for email? S/MIME ? this is really for family emails and close friends emails... Ive heard that the danger there then is that someone spoofs me to my email recipients...but - really....how likely is that? Im not James Bond...Im just joe blow who doesn't want people to see his dirty laundry here and there... ? – tbarbe Aug 16 '12 at 22:34
  • 1
    The trouble you'll have with family and friends is distributing and installing the CA cert. That's the benefit of a 'proper' third party CA, they already have a level of trust on your friends' machines. To be honest though, I'm not sure certificate based authentication of emails is worth it. It's a bit tricky for all parties and invariably it will cause more trouble than it warrants. Hardly anyone does it for that reason. Surprising really, when spoofing an email is so stupidly easy, but then so's writing a paper letter and pretending you're someone else. Just use the same headed notepaper. – cirrus Aug 17 '12 at 00:04
  • 1
    Incidentally, you can get third party certs very very cheap now, some are even free, but in the end I don't know if you'll want the hassle of encrypting all your emails. If it's authentication you're concerned about there are other defences to avoid spoofing (like spf records) that are quite well supported. It's encryption against prying eyes you need, and you really are James Bond, then you could always zip up and encrypt a file containing whatever secrets you want to send. As far as prying though, in practice thesedays it's unlikely (though not impossible) because they're often sent directly – cirrus Aug 17 '12 at 00:08
  • 1
    ...point to point. So your email server would use secure SMTP to send to an address held by your friend on GMAIL (SSL) and they would download it by SSL. If you're just trying to stop your ISP reading your emails then it might not be a concern anyway for most email providers. – cirrus Aug 17 '12 at 00:10
  • Distribution is a snap...I simply send them an email and my public key is signed in it... The rest is a tutorial from a good online page or one I make myself...I still don't see the benefit of having a 3rd party in this loop - how do I know they are the potential spoofer or spy? Wasn't comodo breached? And weren't they a authority with high trust?? Thanks for the info so far!!! :) I'm having trouble even finding this info online written in a way that makes it digestible... I keep coming back to - be your own certificate authority...and that people should learn how to do this. – tbarbe Aug 17 '12 at 05:55
  • In order for them to be to be able to certify that your first email (the one containing your own public key) is authentic you need to sign it using a private key to which they already have the corresponding public key. This typically means using a certificate chain where they already have the CA root certificate. For your friends, that will be from a list of parties like comodo, verisign and the like. They won't have your CA's public key so you've a chicken and egg problem. Another way to distribute your own CA cert is to have them download it via SSL from a secure server, but honestly.... – cirrus Aug 17 '12 at 09:04
  • ...I can't see your friends wanting to install a CA from you in their Trusted Root store (which is a highly privileged administrative task) just to receive emails from you. It implies an awful lot of trust in you as an entity (which they may have) but it wouldn't be very scaleable if everyone had to install a root CA for everyone they want to email with. This works find in an a company email system because the employee laptops are owned by the company and trust the company,so installing a root CA cert for an organisation is practical but not so for individuals with more transient relationships – cirrus Aug 17 '12 at 09:08
  • You dont know my friends, my family...or the people Im talking to... they actually DO trust me to do these things... and yes just to receive emails from me. I think actually the common case here for secure email is that most people only need it for a handful of others... not for everyone they talk to - right? Im not operating an IBM sized business..Im talking about personal email between few people in my most trusted listings. I still think that 3rd party CA is actually a hole opened to those that use it... The more I read - the more clear it becomes. CA stores your private key! – tbarbe Aug 17 '12 at 14:32
  • btw - I already have this working... so Im not sure why you are lost on how it works... I make a private key-pair... I install it on my devices - I send the public key to my friends...they accept the key and mark as TRUSTED - then they respond with their own public key - now we all can go back and forth encrypted... They can make their own CA as well and be responsible for their own security. – tbarbe Aug 17 '12 at 14:33
  • 1
    As I said before, your family and friends probably DO trust you. I wasn't suggesting otherwise. I'm not "lost on how it works", I was simply making the point (as you'd asked the question) what the reason is for a third party CA. And in short, that point is, "ease of distribution of your public key". I was highlighting the problem it solves - if you've solved that problem another way then great. There's no reason why you can't be your own CA if you've a solution to SECURELY exchanging your public key. Please remember that you can't simply email this to people unless you want to open up a hole.. – cirrus Aug 17 '12 at 20:35
  • 1
    ...if you've already send your public key 'in the clear' without any authentication then your family and friends have no way to tell if they key they've received from you is actually yours. You could phone them up of course and verify the signature verbally, or snail mail them. For clarity, by sending your public key in the clear you would have opened yourself (or rather your friends) to a man-in-the-middle attack, so I'm sure you won't have done that. Incidentally, I'm not sure where you read that a third party CA (eg comodo) would be storing your private key.They DON'T.That's the whole point – cirrus Aug 17 '12 at 20:38
  • Ok - thanks for discussing! I hope Im not irritating you with the replies and back and forth - I actually DO appreciate that you are here talking about it. ;) I'm not clear about this... I thought your public key is SAFE to send out - why then have keyservers that publish public keys if they are prone to being hijacked? So I guess the best way would be set up an SSL connection where they can download my public key? but the process is automatic with the mail application... you SIGN an email and send it to your friend..they simply respond...running out of room to talk..chat? – tbarbe Aug 18 '12 at 04:38
  • Also - in an article I read online about setting CA ( which may be wrong or outdated ): http://www.mactech.com/articles/mactech/Vol.25/25.07/DemystifyingPKI-Part2/index.html -- this sentence: For encryption, since that is a little more involved, you need to send a signed email to your desired recipient and they need to send you one. Once the both of you double click and accept the other one's certificates, you can send each other encrypted emails that only the two of you and the root CA can open (because they can store your private certificate). – tbarbe Aug 18 '12 at 04:38
  • I don't think that article is outdated, I'm just not sure it's a very good article. It's a bit misleading. If you are your own CA then you'll have your private key as well. I don't know about all that Mac specific stuff, but it's certainly possible for your CA machine to store the private key as well. But the whole point about PKI is that your private key is retained (private) and your public key is freely (but securely) distributed. Third party CAs don't store your Private key, nor do they need to. Certificates handle the problem of secure public key distribution. Whilst your public key.... – cirrus Aug 20 '12 at 11:13
  • 1
    ...isn't a secret, you have to be sure it hasn't been tampered with. If somebody gets your public key through the Internet (like in an email) how can they be sure it's really you? What's to stop me sending an email pretending to be you, containing my own public key? Answer: Nothing. If I then intercept the emails between your friends and you, they think they're sending encrypted messages but they're unwittingly using my pub key (not yours). I read everything and then re-encrypt with your pub key before I pass it on to you. Neither of you are any the wiser but I'm reading all your mails. – cirrus Aug 20 '12 at 11:15
  • 1
    Third party certificates solve this because the third party's public key is already on both your machines. A certificate takes YOUR public key and encrypts a hash of it (along with some other info) using THEIR private key. Now in asymmetric encryption, this can ONLY be decrypted using their public key (which everyone already has). Your machine then checks that the hash matches what's in the cert and you have now AUTHENTICATED the certificate so you KNOW the public key belongs to the entity named therein. You can't simply email a public key. Now if you are your OWN CA, you don't need a third... – cirrus Aug 20 '12 at 11:19
  • 1
    ...party, you can generate and verify your own certs. HOWEVER, how do you get your CAs public key to your friend in the first place? Apple/Microsoft didn't ship it on the installation CD, so you've a chicken and egg problem. You can't send the CAs public key over email either. So again, this is the problem a third party CA solves. My earlier point about using your own CA within an organisation works because the company controls all the employee laptops, so they can securely install their own CA root cert. There's plenty of secure options for doing that. – cirrus Aug 20 '12 at 11:22
  • And finally, yes, as I said before, you can put your public key, cert or CA cert up on a server for your friends to download and install over SSL, then you're OK, because you're relying on third party certificates with SSL already. But again, whilst you *can* do all this, I'm not sure it's worth the effort since you can get a cheap or free third party cert. They won't have your private key, so they can't do much more than make it easy for you to share your public key. – cirrus Aug 20 '12 at 11:24
  • Thanks for all this info! This helps...my opinion is that having a 3rd party CA is actually a potential risk trade off -- doing it yourself ( depending on your skill level obviously ) can reduce the number of nodes open to you and your info...IF done correctly obvisouly.... I think that checking your hashes out of band between a few folks is not such a difficult thing to ask for - and that with 3rd party CA's having been compromised in the past the algebra of trust in my mind - is better handled on your own ( once again as long as you are capable of handling it properly..) – tbarbe Aug 20 '12 at 13:28
  • - thats why Im asking all these questions... to be sure I have a firm grasp before I shoot my good toe off. ha! Im reading OpenSSL book now and I'll spend time before doing this... I think the other benefit a CA(Public ) provides is ability to REVOKE a bad certificate... so I think thats the one thing missing from doing it yourself... revoking would mean having a server that properly handles this side of it... you are right - free cert is easier... but Im still not sure I trust that public CA's are the absolute safest way to go - I get a nagging feeling that more parties = moreRisk – tbarbe Aug 20 '12 at 13:30
  • Thank you again! Great info..and much of it too. Cheers. :) I've learned something...and will keep looking into it and will keep considering your pov thru my learnings - thanks. – tbarbe Aug 20 '12 at 13:31
1

this article describes it pretty well:

http://www.davidpashley.com/articles/cert-authority.html

and this one is really good too - look at the sidebar commentary:

http://www.area536.com/projects/be-your-own-certificate-authority-with-openssl/

he doesn't specifically mention SMIME email - but I think it falls under this category.

I believe that in my case ( small personal security ) being your own CA is a valid and ok way to do things - as long as you can wrap your head around the process and do it with careful understanding of the limits.

I'll still wait for someone to convince me otherwise here tho... thanks for all answers everyone is helpful!

tbarbe
  • 1,299
  • 2
  • 15
  • 22
0

In my opinion, using a self-signed CA is an absolutely valid option. Certificates issued by this CA and used for e-mail encryption work the same way as if they were issued from a globally trusted CA with the one exception that the end user must manually trust the CA once.

This means that the crucial step is to trust the self-signed CA. However, you can make sure that the self-signed CA is correct, this step is even safer than relying on a global trust company which you must trust but do not have the choice to.

For example, we publish our public CA certificate on the web, asking others who we would like to exchange encrypted mail with to download, import and trust it. It is easy to make sure that they did not get a forged certificate by checking the certificate's finger print with us.

Once they have trusted our CA, encrypted e-mail exchange is no difference to using a commercial, "professional" (intermediate) certificate.

not2savvy
  • 2,902
  • 3
  • 22
  • 37
-1

Nowadays certificates can be obtained for free. A lot of the answers above are valid, but I still choose to use certificate to give host like gmail/yahoo/hotmail less reasons to throw me into spam (doesn't work all the time though).

Spf,dkim,certs.. They are all free, so why not?

I'm using postfix+letsencrypt and working brilliantly.

Someone Special
  • 12,479
  • 7
  • 45
  • 76
-3

When people encrypt their eMail, they just want the email to be transported over the web and to be stored on the target system as an encrypted data set which only the holder of the private key can read.

Signing the email is an additional feature which should identify the sender of the email. Traditionally a signature on paper is used in the western hemisphere which is easy to fake. Therefore an attestation of the signature was required for important documents. Digital Certificate Authorites for SMIME typically attest only that the requestor had access to a certain email address, which is probably worth nothing - certainly not 20 $/year.

For me it is perfectly OK to send my private key via email or exchange it on a memory stick. What's more important is to secure your private key when you really want secure communication. Typically everyone who can get access to your PC has also access to your private key! I'm using a smart card to generate and to store the private key. The key never leaves the card. However, you have to trust the smartcard. I do trust my card because it was developed by my team. This is certainly not an option lots of people have.

legoscia
  • 39,593
  • 22
  • 116
  • 167
Horst Henn
  • 19