Question

Is there any real reason to use a 3rd party Certificate Authority for your own email security?

( meaning using S/MIME )

I found I am able to become my own Certificate Authority and create my own self-signed root certificates... and they work just fine installed on my machines and mobile devices.

Is there a compelling reason to use a 3rd party's paid certificates instead of my own self-generated and signed ones that I control?

I keep thinking: the person or entity I most trust with the authority of my validated encrypted emails... is ME! Why would I let an additional entity, un-verifiable by me, into that chain of communication, if who I'm sending emails to is others who know me and trust that it's me? And why would I PAY them?

I can understand if the communication is between my commercial website and unknown outside individuals who don't know me and are transacting money... but for personal email? Between family and well-known friends or co-workers?

Is there something else I don't understand about public-private key encryption that makes having a validated big 3rd party give me the certificates worth paying for?

I understand the need for SSL 3rd party verification when dealing with commerce on websites or trusting websites with your secure connectivity. But between individuals? It seems different... individuals that you know personally, even more different. No?


Solution

The only reason to use an external CA is so that there's a shared trust root between you and another party. If you control all the machines such as in a domain, then there's no reason at all you can't use your own CA. We have our own domain CA for Exchange. It's actually a lot easier than an external CA because the servers and clients will get the CA certs automatically.

OTHER TIPS

This article describes it pretty well:

http://www.davidpashley.com/articles/cert-authority.html

And this one is really good too; look at the sidebar commentary:

http://www.area536.com/projects/be-your-own-certificate-authority-with-openssl/

He doesn't specifically mention S/MIME email, but I think it falls under this category.

I believe that in my case (small personal security) being your own CA is a valid and OK way to do things, as long as you can wrap your head around the process and do it with careful understanding of the limits.

I'll still wait for someone to convince me otherwise here though... thanks for all answers, everyone is helpful!

In my opinion, using a self-signed CA is an absolutely valid option. Certificates issued by this CA and used for e-mail encryption work the same way as if they were issued from a globally trusted CA with the one exception that the end user must manually trust the CA once.

This means that the crucial step is to trust the self-signed CA. However, since you can make sure that the self-signed CA is correct, this step is even safer than relying on a global trust company which you must trust but have no choice about.

For example, we publish our public CA certificate on the web, asking others who we would like to exchange encrypted mail with to download, import and trust it. It is easy to make sure that they did not get a forged certificate by checking the certificate's fingerprint with us.

Once they have trusted our CA, encrypted e-mail exchange is no different from using a commercial, "professional" (intermediate) certificate.

Nowadays certificates can be obtained for free. A lot of the answers above are valid, but I still choose to use certificates to give hosts like Gmail/Yahoo/Hotmail fewer reasons to throw me into spam (doesn't work all the time though).

SPF, DKIM, certs... They are all free, so why not?

I'm using postfix+letsencrypt and it is working brilliantly.

When people encrypt their email, they just want the email to be transported over the web and stored on the target system as an encrypted data set which only the holder of the private key can read.

Signing the email is an additional feature which should identify the sender of the email. Traditionally a signature on paper is used in the Western hemisphere, which is easy to fake. Therefore an attestation of the signature was required for important documents. Digital Certificate Authorities for S/MIME typically attest only that the requestor had access to a certain email address, which is probably worth nothing, certainly not $20/year.

For me it is perfectly OK to send my private key via email or exchange it on a memory stick. What's more important is to secure your private key when you really want secure communication. Typically everyone who can get access to your PC also has access to your private key! I'm using a smart card to generate and store the private key. The key never leaves the card. However, you have to trust the smart card. I do trust my card because it was developed by my team. This is certainly not an option lots of people have.

Licensed under: CC-BY-SA with attribution