Talk:Self-signed certificate
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||
|
Trusting root certificates
[edit]The following claim is dubious:
- This problem is solved by fiat in X.509 PKI schemes as one believes (i.e., trusts) the root certificate by definition.
Root certificates must not be trusted by definition. Instead the user must make sure they come from a reliable source. E.g., a user may trust a root certificate because it comes included in a authentic copy of a software package that was obtained from a reliable provider. I.e., the authenticity of the root certificates is not checked by verifying digital signatures, but by trusing for example the a mail delivery. 85.3.240.173 (talk) 12:13, 3 January 2009 (UTC)
This is a phrasing nitpick. From a technological standpoint, one either trusts the root cert or one does not; the non-technical reasons for that are not important to this particular discussion. For X.509 to work, one must trust one or more root certs. The entire concept of trust bears its own discussion and would be tangential and distracting here.67.77.46.194 (talk) 18:02, 16 February 2009 (UTC)
- This is hardly just a phrasing nitpick. What would you do if you received a self-signed certificate from an unknown source? I hope you would not trust it, because anyone can generate self-signed certificates. However the current text in the article claims that such a certificate has to be trusted by definition. That is clearly wrong. Root certificates need to be validate by some means, and since cryptography can't do the job here some other way of authentication is needed. Not sure why you find a discussion of the requirements for trusting in a root certificate unimportant or distracting. 92.106.74.178 (talk) 19:50, 18 February 2009 (UTC)
Just my US$ .03 .... in perception (and thus practice) there is huge difference in trusting a "Root Cert" and a "self-signed cert" "Roots" typically comes from large, impersonal enterprises, are built into my browsers, and are used with/by many subordinate certs. (Its the 'we're all in it together' argument.) Self-signed on the other hand are far more personal, meaning I would trust a cert from my wife far, far more than from VeriSign, but far less than one from [email protected]. While in math they could be the same, there is a big distinction in practice. I argue they should be kept separate articles.
Another US$ .03 ... While "technically" a Root Cert is self-signed I agree this is usually a larger trusted organization. A better definition of self-signed would be a certificate that is signed by a server and not by a CA. I believe that is the intended definition. Just generating a cert and signing does not make the server a CA. — Preceding unsigned comment added by 208.76.203.24 (talk) 17:44, 19 December 2015 (UTC)
I didn't check the "talk" for this page when I made the changes (a year or two ago), but in retrospect I think I addressed this topic pretty well (discussing why trust is needed, and how to accomplish that trust; for both CA and non-CA scenarios). I, personally, would consider this topic resolved. Trsm.mckay (talk) 17:23, 25 October 2019 (UTC)
Glaring error in definition of what a CA is
[edit]A CA *NEVER EVER* needs access to a client's private keys. I removed this from the article since it's a huge source of confusion. In fact, a CA that demands your private key should never be trusted. They don't know what they're doing or they're simply criminals. — Preceding unsigned comment added by 84.27.118.46 (talk) 10:28, 19 August 2012 (UTC)
- While this may be the case for many commercial products, there exist protocols which are insecure, if the CA does not possess the client's private key. However, I agree with your change, I don't see a need to address the issue. Skippydo (talk) 14:37, 19 August 2012 (UTC)
- Skippido, would you mind to give an example of a protocol that would be insecure if the CA does not learn the client's private key? 178.195.225.28 (talk) 03:58, 20 August 2012 (UTC)
- I'll have to give it some thought, I don't recall off hand. I believe there was some kind of pairing-based multi-signature scheme, that required the private key for its security proof. Skippydo (talk) 14:26, 20 August 2012 (UTC)
- Skippido, would you mind to give an example of a protocol that would be insecure if the CA does not learn the client's private key? 178.195.225.28 (talk) 03:58, 20 August 2012 (UTC)
Before I get into the technical details, upfront let me agree that under normal circumstances a CA should not request a private key. But there are (at least that I am aware of) two industry scenarios where private keys are legitimately accessed outside of the entities that own them. Now strictly speaking it may not be the CA that is accessing them, but in practice the private keys are being accessed by the same set of key custodians using protection measures similar to the CA. The first is when provisioning embedded systems (Internet-of-things to use the current buzzword) that for reasons of capability or security can not generate private keys themselves. The other scenario shows up in some governmental scenarios, where they judge the risk of flawed key generation are more dangerous than the risks of transporting private keys around outside the owning entity. In both cases the key-pairs are generated in an offline process, than the public keys are sent to the CA to create certificates. Then the keys and the certificates are then injected into the end entities. The key creation and the cert signatures are typically performed using the same system (air-gapped hardware security modules), and the key transport occurs in secure rooms. In any case, I think the article as it stands no longer has this issue. Trsm.mckay (talk) 17:24, 25 October 2019 (UTC)
Signed certificate pricing
[edit]Re: "Certificates bought from major CAs range from tens to thousands of dollars per year.[citation needed]" I don't necessarily want to provide free link juice to commercial CA's but Godaddy or Digicert or Geotrust offer signed certificates for ~$100 per year. The statement was true a handful of years ago but isn't anymore. I'm going to correct the pricing and leave this comment on the talk page as the supporting evidence. Kstinch (talk) 19:26, 6 April 2013 (UTC)
Dear Clueless
[edit]I read the article. Ok then, here it is. This entire article is basically... incompetent. What isn't meaningless is pretty much wrong. Wikipedia again. Or rather, as usual. The issue here (self-signed certificate) is more simply (1) what is self-signed and (2) how does it compare. More simply, the part that is especially poorly presented is the issue of trust. Here the issue is whether the SIGNER of a certificate is trusted or not, not whether the certificate is self-signed or a commercial CA. In some circumstances a commercial Certificate Authority may (in some manner) be trusted, but in other circumstances a sane man shouldn't trust it to vouch for a pile of manure. Actually, the entire "trusted" CA system is a sham, a fraud, snake oil. The authors who wrote the article apparently didn't realize that.. so sad. I weep for mankind and its endless quest for hope in a bottle.
Instead, this article should focus on the objectives served by a certificate. Private communication. Non-repudiation. How are these accomplished with a CA issued certificate? How are these accomplished with a self-signed certificate? The second question is pertinent to the article, but the context of the first question must also be provided.
So, its not about whether, for example, a self-signed certificate "cannot (by its nature) be revoked". What crap. Of course it can be revoked! CA's revoke by one method, and self-signed by another. Dang. What fools these mortals be! The question is whether a certificate is suitable for its intended use, not whether it is unsuitable for some unsuited use. What makes it so, or not so? That is the question.
A (valid OpenPGP or x.509) certificate (SHA1) fingerprint is (generally) sufficient (for nearly all purposes) to identify the certificate UNIQUELY. That's not a big problem, just obtain the fingerprint (from a "trusted" source) and confirm by comparing! Sure its nice to have that done automatically using a "pre-athorized" CA's certificate, but seriously lets not make a stupid mystical mumbo jumbo experience out of this simple process! BINDING the certificate to the third party may be harder, not usually that difficult, the third party CA supposedly does that (but usually what they do is crap, but what-EVER), and whats actually needed varies with circumstances. TRUSTING the other party or the vouching third party with the transaction at issue is still another matter. A CA guarantees essentially nothing useful, even assuming you could subpoena them at great expense to testify, a doubtful waste of time and treasure, so why trust them with anything? Seriously! Anyway, combined these make up the primary considerations for many (but not all) transactions using certificates. "Self-signed" is but an incidental issue in the chain. Frankly, a self-signed cert may be the best deal there is. That possibility should not be ignored.
So when do you actually need a CA issued cert? Good question. Three basic cases. The bank, a commercial website, a public agency. Some others. Only web sites actually use these, another doubtful application of snake oil. All trust systems are crap, instrumentalities of fraud. Still, we continue to hope.. and trust, not because it is a reliable method, but because sometimes we simply MUST do something, and the calculus of risk permits it.
Now I just know some brain damaged third grader will post in explaining about what I just said is somehow wrong, even though it is obviously right, and that God will punish me for blaspheming CAs and stuff. Why? Because Wikipedia is an unsupervised mess, third graders poop here, and this is not the only article that proves that.
Now somebody who is not a brain damaged third grader can try to clean up this article by intelligently considering the above comments... or not. Most intelligent people have concluded that Wikipedia is a failure beyond repair. Yet the children of lesser gods may still hope (apparently in vain). — Preceding comment added by Svengali222 (talk)
- I suggest you edit the article yourself, adding referenced material and removing unreferenced material. The article is in a pretty sad state at the moment. Skippydo (talk) 04:56, 26 September 2012 (UTC)
Regarding the Introduction
[edit]Yeah, well, It's about as clear as mud to me. The reason I arrived at this page was to understand the ramifications of using a self-signed certificate. The introduction fails to delineate the difference between 'self-signed' and a triangulated PKI. The prose is incredibly dense, too dense for any kind of elucidation of this fundamental network security topic. Indeed, this introduction effectively renders this wiki useless. Given its failure to explain, I, for one, will not read further -- there is plenty of credible info on this topic elsewhere.--Squeeky Longhair (talk) 15:57, 12 October 2017 (UTC)
- The introduction has been changed fairy extensively since Squeeky Longhair made his comments, so I won't address them. But I did have some problems with the current introduction, which I wanted to note here (in case I or others have time to address them). The biggest problem is the first 2 paragraphs are based on an open PKI with browser and webserver scenario; and it is only in the 3rd paragraph that they mention other scenarios. So while I think the information is reasonably accurate, and the open PKI scenario is the most common; it misleads by not being upfront in informing the reader that the first 2 paragraphs only apply to a subset of scenarios. Another minor problem is the mix of security details with purpose (which is I admit can be tricky for crypto articles). The intro should be rewritten with a separate and formal definition of a self-signed certificate, than describe the various ways that they can be used. We should also include certificates with formats other than X.509, such as rfc 4716. Trsm.mckay (talk) 19:39, 25 November 2020 (UTC)
- However, they do not provide all of the security properties that certificates signed by a CA aim to provide. For instance, when a website owner uses a self-signed certificate to provide HTTPS services, people who visit that website will see a warning in their browser.... By comparison, visitors to a website that uses a certificate signed by a CA will not see warnings about self-signed certificates. Because such visitors do not become accustomed to bypassing browser warnings, they are less vulnerable to a MitM attack.
- To me, this sounds like self-signed certificates are less secure because they trigger a browser warning, but that's backwards. The introduction then discusses how MitM attacks are possible if a CA is compromised, which has seems off-topic. --Jamesdlin (talk) 06:02, 8 May 2021 (UTC)
- The prose indeed does not explain the problems and usefulness of self-signed certificates. I'll try to update the article today. Anton.bersh (talk) 08:18, 8 May 2021 (UTC)
The definition of self-signed certificate
[edit]The current definition: "a self-signed certificate is a security certificate that is not signed by a certificate authority (CA)" sounds confusing to me. Problems: 1) In non-PKI systems there can still be signatures made by entities who are not CAs (e.g. GPG 3rd party key signature), 2) even in PKI a CA can sign their own key, in my understanding that'd be a self-signed certificate too. I propose a definition that goes states something like: "A self-signed certificate is a security certificate where subject (signer) and object (signed identity) are the same." --Werkov (talk) 14:24, 3 September 2021 (UTC)
- I came here for this and thank you for your comment! The definition of "self-signed" in this article is grossly incorrect. A certificate is self-signed when its public key can validate its certificate's signature. You probably meant this with "subject (signer) and object (signed identity) are the same" but this could mislead other people to mistake self-issued certificates (where Issuer name == Subject name) as always being self-signed certificates.
- Then there are cases where an end-entity certificate is signed by a private CA (i.e. not a browser-forum CA). Those end-entity certificates are not "self-signed" certificates either, even if the person creating the end-entity certificate is the same as the one creating the private CA certificate (which "signer and signed entity are the same" could also be mistaken as). Alestrix (talk) 17:41, 10 November 2022 (UTC)
- PS: the statement "self-signed certificates are public key certificates that their users issue on their own behalf" can and will incorrectly be understood as "I created this certificate myself", which the last paragraph in my previous reply is talking about. Alestrix (talk) 17:46, 10 November 2022 (UTC)
Duplicated paragraph...?
[edit]It looks like the third paragraph at the top replicates what is/was already on the Uses section. Maybe some cleanup is in order? — Gwyneth Llewelyn (talk) 10:35, 24 February 2023 (UTC)
- Start-Class Cryptography articles
- Unknown-importance Cryptography articles
- Start-Class Computer science articles
- Unknown-importance Computer science articles
- WikiProject Computer science articles
- WikiProject Cryptography articles
- Start-Class Computing articles
- Unknown-importance Computing articles
- Start-Class Computer Security articles
- Unknown-importance Computer Security articles
- Start-Class Computer Security articles of Unknown-importance
- All Computer Security articles
- All Computing articles