Uncertain Certificates

Author: A.R. Peters,

III. Certificates

This works fine, especially for 1: 1 communication, where Alice and Bob know and trust each other. However, the beauty of a Public Key Infrastructure is that everyone can know and use the public key, knowing that only the private key owner (Bob) can read the messages. We use that massively with HTTPS connections to a website: we use the public key of that website. On the Internet, however, the problem arises that we are strangers to one another, and can not be sure who is behind that website - there are ways to redirect traffic to, for example, www.ing.nl to your own non-ING server (spoofing). Therefore we started using certificates.

Parties that communicate with each other but do not know each other personally, use a third party – Cesar – whom they both know and trust as Certification Authority (CA). Bob sends the CA a Certificate Signing Request (CSR), containing his public key, and a Subject: a unique name (Distinguished Name), which includes his name (Common Name) and organization (Note: SAN).

CA Cesar acknowledges that the public key is indeed from the organization of that name, which he knows. The CA does this by signing the CSR with his own private key. Such a public key signed by the CA is a certificate (according to X.509 standard, see RFC5280: PKIX and RFC6818: Clarifications). Anyone can then check that certificate with the public key of the CA.

That is shifting the problem: how do you know that CA's public key is indeed of the CA? It may be signed by another CA, but eventually there is a "root" CA: the last Certification Authority that everyone knows and from whom everyone has the public key that they trust. PKI works with certificates, so for technical reasons the CA's public key must also be in a certificate. The root CA does this by signing its public key with its private key: a self-signed certificate.

Of course, we can skip all the hassle with CAs, Bob can also give Alice a self-signed certificate and that works well and safely. There is nothing wrong with self-signed certificates.

Most people believe that self-signed certificates are unreliable and may not be used, so I say it again:

There is nothing wrong with self-signed certificates!

A root CA certificate is by definition a self-signed certificate. A CA is only required as an intermediary between parties who do not know each other. If Alice and Bob do know each other, they can exchange self-signed certificates through some secure way, and then communicate at least as securely as when they use certificates signed by any CA.