Security Issues
CAs are third parties and require both parties to trust the CA. (CAs are typically large, impersonal enterprises and a high value target for compromise.) If the parties know each other, trust each other to protect their private keys, and can confirm transfer public keys (e.g. compare the hash out of band), then self-signed certificates may decrease overall risk. Self-signed certificate transactions may also present a far smaller attack surface.
Self-signed certificates cannot (by nature) be revoked, which may allow an attacker who has already gained access to monitor and inject data into a connection to spoof an identity if a private key has been compromised. CAs on the other hand have the ability to revoke a compromised certificate if alerted, which prevents its further use.
Some CA's can verify the identity of the person to whom they issue a certificate; for example the US military issues their Common Access Cards in person, with multiple forms of other ID, and only when a higher authority requires the issue.
Read more about this topic: Self-signed Certificate
Famous quotes containing the words security and/or issues:
“Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.”
—James Madison (1751–1836)
“How to attain sufficient clarity of thought to meet the terrifying issues now facing us, before it is too late, is ... important. Of one thing I feel reasonably sure: we can’t stop to discuss whether the table has or hasn’t legs when the house is burning down over our heads. Nor do the classics per se seem to furnish the kind of education which fits people to cope with a fast-changing civilization.”
—Mary Barnett Gilson (1877–?)