Security Issues
CAs are third parties and require both parties to trust the CA. (CAs are typically large, impersonal enterprises and a high value target for compromise.) If the parties know each other, trust each other to protect their private keys, and can confirm transfer public keys (e.g. compare the hash out of band), then self-signed certificates may decrease overall risk. Self-signed certificate transactions may also present a far smaller attack surface.
Self-signed certificates cannot (by nature) be revoked, which may allow an attacker who has already gained access to monitor and inject data into a connection to spoof an identity if a private key has been compromised. CAs on the other hand have the ability to revoke a compromised certificate if alerted, which prevents its further use.
Some CA's can verify the identity of the person to whom they issue a certificate; for example the US military issues their Common Access Cards in person, with multiple forms of other ID, and only when a higher authority requires the issue.
Read more about this topic: Self-signed Certificate
Famous quotes containing the words security and/or issues:
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (1858–1928)
“I can never bring you to realize the importance of sleeves, the suggestiveness of thumb-nails, or the great issues that may hang from a boot-lace.”
—Sir Arthur Conan Doyle (1859–1930)