pre-installed CA (was: is a self signed certificate always invalid the first time?)

Steffen Kaiser Thu, 10 Aug 2017 23:40:19 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just my humble opinion:


We had ran a self-signed CA several years.

I would claim, that in theory this is more secure than using pre-installedthird party CAs. Using a self-signed cert per server might do for smallnumers as well. However, when it comes to user divergence (or userscoming from a wide range of knowledge and a wide range of devices comeinto play), roll your own is nightmare of support. As stated by others,some clients (Web browser, systems, mail clients, ...) make it hard toinstall own certs, Android even claims that the network (all of it fromthe interpretation of users) becomes insecure, once you install your ownroot cert. It looks like that more and more clients warns *each* time youaccess a server with a self-signed cert.

In the end, the gain of security (identify servers) was torpedoed bysupport and lack of understanding *and* will, even including poeple onemight think they understand the need of extra steps in favour of security.

IMHO, the cert hierarchie today exclude eavesdropping by normal attackers,but is not suitable to identify servers or clients, because you (aka I)cannot trust the pre-installed trusted CAs.

If your set of users and devices is small enough, you can prepare alldevices or offer an installation packet (for home users with a fixed setof clients), roll your own CA is easy and I would go this way. Alas,clients *should* mark personally trusted CAs differently thanvendor-trusted ones. So users can see, if they speak with the correctserver or if the server just looks alike, e.g. example.com vs. exampel.com.

- --Steffen Kaiser

pre-installed CA (was: is a self signed certificate always invalid the first time?)

Reply via email to