Question

This is just a general question regarding the debate between self-signed certificates and CA certificates...

I understand the benefits for a CA certificate due to the avoided warnings generated in most browsers, but how does a CA certificate benefit actual security? I commonly hear the biggest threat is man-in-the-middle attacks, and while I understand this threat using a self-signed certificate, I don't understand how a CA certificate prevents this. I know CAs perform their own security algorithms; couldn't the same algorithms be used on self-signed certificates?

I guess I'm just a little irritated by the big business revolving around the need for CA certificates but can't seem to find anything different about them other than these supposed additional security checks they perform. Is there anything a CA can provide from a security point-of-view that self-signed certificates cannot?

Solution

Spoofing. If the other party fakes a self-signed certificate, you have no way to check this. In order to check that you have received the valid certificate and not a forged one, you need a third-party check which cannot be easily spoofed. This is done by carrying the list of root CA certificates (and some intermediate certificates) with your client-side software (Windows includes such certificates for you and major browsers do the same) and verifying the certificate you receive from the server using those CA certificates. With self-signed certificates such verification is not possible.

Of course, you can carry the self-signed certificate with your client application (and this is what some developers do, especially for in-house applications) but this doesn't work with browsers.

OTHER TIPS

The difference isn't in the algorithm, it's in whether people trust the certificate authority or not.

The point of a certificate is to verify that you are making the connection with whoever it is that you intend to make the connection with.

If I say to you "I'm the right server, trust me on this", you may choose not to believe me (after all, you don't know me).

If I say to you "I'm the right server, and I have a certificate to prove it", you could say "ok, and who gave you this certificate?" If my reply is "Joe from around the corner", you may still choose not to believe me.

But if I say "I have a certificate, and you can confirm it with a third party that you trust", you may decide that this is a good proof of identity.

How you confirm it is what the standard is all about (e.g. as described in RFC 5280). But that's just technicalities. You could use the exact same algorithm for a certificate that originated from VeriSign and for a certificate you generate yourself.

The real question is about trust: do you trust whoever is giving you the "proof of identity". We trust VeriSign enough to allow any proof of identity from them to be accepted by every browser. Should we trust individuals that generate their own self-signed certificates? We might do in some cases (in which case you can install their certificates in your browser manually), but not as a general rule.
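
The point made in both answers above (the verification algorithm is the same, only the trust anchor the client already holds differs) as an added example, not code from the original posts. It is a simplified model using textbook RSA over small Mersenne primes, not real X.509 or secure crypto; the names `intranet.example` and `Example Root CA` and all keys are constructed for illustration.

```python
import hashlib

def keypair(p, q, e=65537):
    """Toy textbook RSA from two primes (illustration only, not real crypto)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

def digest(cert, n):
    """Hash the signed fields and reduce into the signer's modulus."""
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_pub, issuer, issuer_priv):
    """Build a certificate binding subject -> key, signed with the issuer's key."""
    cert = {"subject": subject, "issuer": issuer, "pub": subject_pub}
    n, d = issuer_priv
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def verifies(cert, pub):
    """True if the certificate's signature checks out under the given public key."""
    n, e = pub
    return pow(cert["sig"], e, n) == digest(cert, n)

def validate(cert, hostname, trust_store):
    """Same algorithm for every cert: the issuer must be a key we already trust."""
    anchor = trust_store.get(cert["issuer"])
    return cert["subject"] == hostname and anchor is not None and verifies(cert, anchor)

# Constructed sample keys: Mersenne primes 2^k - 1 keep the toy short.
M = lambda k: 2**k - 1
ca, server, impostor = keypair(M(107), M(127)), keypair(M(61), M(89)), keypair(M(19), M(31))
HOST, ROOT = "intranet.example", "Example Root CA"

genuine_self = issue(HOST, server["pub"], HOST, server["priv"])
forged_self = issue(HOST, impostor["pub"], HOST, impostor["priv"])
ca_signed = issue(HOST, server["pub"], ROOT, ca["priv"])
forged_ca = issue(HOST, impostor["pub"], ROOT, impostor["priv"])

browser_store = {ROOT: ca["pub"]}      # roots shipped with the OS/browser
pinned_store = {HOST: server["pub"]}   # self-signed key shipped with an in-house app

if __name__ == "__main__":
    for name, cert in [("genuine self-signed", genuine_self), ("forged self-signed", forged_self),
                       ("CA-signed", ca_signed), ("forged CA claim", forged_ca)]:
        print(f"{name:20} self-consistent={verifies(cert, cert['pub'])} "
              f"browser={validate(cert, HOST, browser_store)} pinned={validate(cert, HOST, pinned_store)}")
```

Both self-signed certificates are internally consistent, so without a pre-installed anchor the client cannot tell them apart; only the pinned store or the CA root separates the genuine one from the impostor.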

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow