Digital Signatures
Thursday, 11 September 2003
Have you ever opened an email message and seen a strange icon or line showing "signed by"? If so, the sender used a digital certificate. Digital certificates allow email senders to authenticate their messages by digitally signing them. These signatures are different from the email signatures people use after their message. A digital signature is an attachment containing code that uniquely identifies the sender. You might think of this as notarized email.

The second benefit digital certificates offer is encryption. This feature is useful if you're concerned about unauthorized access to your email. Encrypting email requires each party to install a digital certificate and an email program that can digitally sign email. Your email program, using public and private keys, handles the decryption process.

Even though digital certificates sound appealing, there are drawbacks. First, the installation process isn't difficult, but it involves several phases. For example, remember to use a strong password to secure your certificate. If you forget the password, you'll have to deactivate the certificate and get a new one. Second, not all programs recognize digital certificates. Worse, some email add-on programs, such as tracking services, alter the email in a way that invalidates the digital certificate.

There are several certificate authorities, but the major issuers are VeriSign and Thawte. In my trials, I found Thawte's process thorough, but more difficult to install. Besides, the free certificate isn't beneficial unless you get their certificate notarized. This process requires you to prove your identity to several Thawte notaries who assign you points. If your area doesn't have Thawte notaries, you can pay for third-party verification. Until you accumulate 50 points or pay the fee, your certificate shows as "untrusted". I would discourage use of the certificate until it is notarized.

The VeriSign installation is simpler, but they charge a $19.95 annual fee. This is a small price when you think about what you're protecting. The VeriSign setup requests considerably less information than Thawte. My VeriSign certificate just needed an email address, name and credit card number.

After the certificate is issued, you need to configure your browser and email program. VeriSign provided more instruction and it was easy to install the certificate for the browser. Installing the digital certificate with email programs proved more difficult. The more established email programs such as Outlook, Outlook Express and Netscape Messenger can send digitally signed email. However, neither AOL nor Eudora allowed me to use my certificate.

Another issue that affects these certificates is recognition. Only email programs that use the S/MIME standard recognize digital certificates. Email programs such as Eudora and various web-based email systems ignore the certificates. The email displays like other email, but the recipient doesn't know the email has been digitally signed.

Microsoft email programs including MSN recognize these certificates, as does AOL. For example, Outlook Express displays a panel the first time you get a digitally signed message. These programs also display an icon showing the email has been digitally signed.
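
An added example, not part of the original article: a Python sketch that inspects a message's MIME structure the way a mail program would to decide whether it is S/MIME signed, and returns the text a program without S/MIME support would still display. It goes slightly beyond the article by also labelling opaque `application/pkcs7-mime` messages; the sample message, addresses and function names are constructed for illustration, and no signature is cryptographically verified here.

```python
from email import message_from_string

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENV_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

# Constructed sample message; the signature body is a placeholder, not real data.
SIGNED = """\
From: alice@example.com
To: bob@example.com
Subject: Quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

The figures are attached.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"

PLACEHOLDER
--b1--
"""

def visible_text(part):
    """Join the text/plain bodies under this part (assumes 7bit/8bit encoding)."""
    return "".join(p.get_payload() for p in part.walk()
                   if p.get_content_type() == "text/plain").strip()

def classify(raw):
    """Return (kind, text shown by a client with no S/MIME support)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    parts = msg.get_payload() if msg.is_multipart() else []
    if ctype == "multipart/signed":
        protocol = (msg.get_param("protocol") or "").lower()
        if (protocol in SIG_TYPES and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            # Part 1 is the signed content; part 2 is the signature attachment.
            return "smime-signed-detached", visible_text(parts[0])
        return "signed-unrecognized", visible_text(msg)
    if ctype in ENV_TYPES:
        # One opaque blob; the smime-type parameter says what it holds.
        return "smime-" + (msg.get_param("smime-type") or "unknown").lower(), ""
    return "unsigned", visible_text(msg)

if __name__ == "__main__":
    print(classify(SIGNED))
```

For the detached-signature sample the readable text comes back unchanged, which is why a program that ignores S/MIME shows the message like any other email with an extra `smime.p7s` attachment.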


If email is a key to your business and you need to ensure your messages aren't tampered with, get a digital certificate. However, if you're a casual email user, you might want to hold off until the process is easier and more email programs recognize the certificate.

Before getting a digital certificate, consider these questions:

1. Are you worried that someone might forge your email address?

2. Do you email confidential information?

3. Can your email program send digitally signed messages?

4. Do the people you email use an email program that recognizes digital certificates?


Additional Resources

VeriSign Certificate
Thawte Certificate
How Predictable Are You
Last Updated ( Saturday, 12 January 2008 )