Self signed certificate protects you against any _short term_ attack - insuregent must maintain his own certificate, interceipt your connections, redirect my packets _BEFORE_ I connect very first time (after it, I got certificate and am protected). So, it is reasonable (to use commercial certificates) for public financial services (banks, e-commerce); all other kinds of services do not require it - all insurgent can do is to fraud you once in a life... unrealistic scenario. Certificate Authorities are a very good example of _blown up_ business. (Yes, they verify identity... what the difference, if you maintain 1 or 100 domains under the same company name and same basic level domains... Certificate should cost 20% for 1 year, not 400$). Do not overestimate importance of it... it is more for the public relations, not for the real security. (but I never propose any bank, any point of sale, any e-commerce to use self-signed certificate for _public_ service... even if risk is 0.000001%).. ----- Original Message ----- From: "Steven M. Bellovin" <smb@research.att.com> To: "Sean Donelan" <sean@donelan.com> Cc: <nanog@merit.edu> Sent: Wednesday, April 28, 2004 6:05 PM Subject: Re: Buying and selling root certificates
In message <Pine.GSO.4.58.0404281950200.9806@clifden.donelan.com>, Sean
Donelan
writes:
Not that SSL certificates are worth the paper they aren't printed on; I still find this vaguely disturbing. Just who do you think your computer is trusting?
http://www.websheji.com/domain-names/news/id506.html Bob Parsons, CEO of Go Daddy, said that Starfield Technologies, a subsidiary of the company, bought an unused root certificate, trusted
by
99% percent of the browsers from ValiCert Inc more than a year ago has been developing the system since then.
I'm not that interested in SSL for web servers, but I have noticed a gradual increase in the number of mail servers willing to STARTTLS with mine. I was experimenting with trying to verify some of the certificates presented, its not real security, but makes the logs cleaner.
Matt Blaze said it well: "A commercial CA will protect you from anyone from whom they won't take money."
Put another way, what's your threat model? Against what threats are you trying to defend yourself? Rob Seastrom seems to be trying to defend himself against passive eavesdroppers, for which SSL without certificate verification is an entirely adequate defense. If your concern is phishing, however, you need to check the certificate chain, the policies of the trust anchor (AKA "root CA"), and its reputation for actually enforcing those policies with proper verification. Verisign, for example, was fooled a few years ago by someone who claimed to be Microsoft -- but they had sufficient back-end verification that the spoof was detected. Is this good enough? What's your threat model...?
--Steve Bellovin, http://www.research.att.com/~smb