Is there any real reason to use a 3rd party Certificate Authority for your own email security?
( meaning using S/MIME )
I found I am able to become my own CAuthority and create my own self-signed root certificates...and they work just fine installed on my machines and mobile devices.
Is there a compelling reason to use a 3rd party's paid certificates instead of my own self-generated and signed ones that I control?
I keep thinking - the person or entity I most trust with the authority of my validated encrypted emails... is ME!... why would I let an additional un-verifiable by me entity into that chain of communication? - if who Im sending emails to is others who know me and trust that its me..? and why would I PAY them?
I can understand if the communication is between my commercial website and unknown outside individuals who don't know me and are transacting money... but for personal email? between family and well known friends or co-wokers?
Is there something else I don't understand about public-private key encryption that makes having a validated big 3rd party give me the certificates worth paying for?
I understand the need for SSL 3rd party verify when dealing with commerce on websites or trusting websites with your secure connectivity. But between individuals? it seems different...individuals that you know personally even more different. No?
The only reason to use an external CA is so that there's a shared trust root between you and another party. If you control all the machines such as in a domain, then there's no reason at all you can't use your own CA. We have our own domain CA for Exchange. It's actually a lot easier than an external CA because the servers and clients will get the CA certs automatically.