
Symantec Digital ID not safe?

Created: 21 Feb 2013 • Updated: 05 Jun 2014 | 2 comments

I work for a government agency which has a lot of e-mail correspondence with other agencies. We were requested to install digital certificates and decided to go with Symantec digital IDs for secure e-mail.

Both signing and encrypting content have worked fine, but now our main counterpart is requesting that we need a better certificate since the Symantec version is not secure.

Since we do not have any expertise in this area ourselves, I would like to know if anyone here could respond to our counterpart's argument, verify if they are correct or if the reason for the problem could be found somewhere else? The argument is pasted below:

 

 

Anyway, I would like to strike your attention on the fact that your current certificate cannot be certified by a known and trusted Certification Authority, which could have severe impact on security.
 
If your certificate becomes invalid for any reason, we won't be in order to know it and we take the risk to send sensitive information through an unsecure channel.
 
Could you please envisage to change this certificate or provide us with another one that could be "certified" 

 

 


Faizel

Hi Akerling

I manage the Technical Support Department in EMEA for our User Authentication products. Can you please send me an email at Faizel_Anthony@symantec.com with your contact details so we can contact you.

Regards

Faizel

Alan Dundas - Symantec Managed PKI

I exchanged S/MIME signed email with Akerling this morning. While his certificate is valid and trusted, it was issued a little under a year ago, when our platform issued certificates with 1024-bit public keys. I suggested that his S/MIME recipient may have raised this key length as a concern. According to the National Institute of Standards and Technology (NIST), 1024-bit public keys are now classified as "deprecated" and are allowed to be used only until the end of this year. NIST currently suggests that 2048-bit public keys should be used.

Our current platform was updated last year to issue 2048-bit public keys. I have suggested that Akerling should try a new "free" 25 Day S/MIME certificate and see if this meets his recipient's security expectations.

http://www.symantec.com/verisign/digital-id

=Alan Dundas

 Technical Director

Symantec Managed PKI
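
A way to check the key length discussed in the reply above, added here as an example and not part of the original thread: it pulls the signer certificate out of an S/MIME signed message and flags RSA keys shorter than 2048 bits. It assumes the OpenSSL command-line tool is installed; `MIN_RSA_BITS` and the function names are this example's own, and the certificate and message are constructed throwaway samples.

```shell
#!/bin/sh
# Added example, not from the thread. MIN_RSA_BITS and all function names are
# assumptions; the 2048-bit floor is the figure the reply attributes to NIST.
MIN_RSA_BITS=2048

# Pull the signer certificate(s) out of an S/MIME signed message into a PEM file.
signer_certs() {   # $1 = signed message, $2 = output PEM
    openssl smime -pk7out -in "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -out "$2" 2>/dev/null
}

# Print the public-key algorithm / size of the first certificate in a PEM file.
cert_key_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Exit status: 0 = acceptable, 1 = RSA key below the floor, 2 = unreadable.
check_cert_key() {
    alg=$(cert_key_alg "$1"); bits=$(cert_key_bits "$1")
    [ -n "$bits" ] || { echo "UNREADABLE: $1"; return 2; }
    case "$alg" in
        rsa*) if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
                  echo "WEAK: $alg $bits bits (< $MIN_RSA_BITS): $1"; return 1
              fi ;;
        *)    echo "NOT EVALUATED (non-RSA key, $alg $bits bits): $1"; return 0 ;;
    esac
    echo "OK: $alg $bits bits: $1"
}

# Constructed sample: throwaway self-signed certificate with an RSA key of $1 bits.
make_sample() {    # $1 = bits, $2 = key file, $3 = cert file
    openssl req -x509 -newkey "rsa:$1" -nodes -days 1 \
        -subj "/CN=constructed sample" -keyout "$2" -out "$3" 2>/dev/null
}

# Demo: sign a constructed message with a 1024-bit key, then inspect it as a recipient would.
d=$(mktemp -d)
make_sample 1024 "$d/k.pem" "$d/c.pem"
printf 'constructed test message\n' > "$d/msg.txt"
openssl smime -sign -in "$d/msg.txt" -signer "$d/c.pem" -inkey "$d/k.pem" \
    -out "$d/signed.eml" 2>/dev/null
signer_certs "$d/signed.eml" "$d/signer.pem" && check_cert_key "$d/signer.pem" || true
rm -rf "$d"
```

A key-length finding is separate from whether the certificate chains to a trusted CA, which is why a certificate can be valid and trusted and still be flagged here.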