January 30, 2003
X509 Certs
What's an X509 Certificate?
An X509 Certificate allows you to exchange secure messages. The certificate itself is a file you get from a certificate authority.
If you want to send mail securely you can both sign and encrypt it with a certificate. If you sign a message the receiver can verify it's from you. If you encrypt the message only the receiver can open it.
- If it's signed, it can be assured it's from you.
- If it's encrypted no-one other than the receiver can open it.
How do I get an X509 Certificate?
If you want a certificate you can get a free personal one from Thawte. If your company sends a lot of secure messages they may have an organizational certificate. Check with your corporate IT personnel.
Can I send you signed mail?
In order to send me signed messages you'll have to send me your public key. In return I'll send you mine.
What's easier, PGP or X509?
For you're using Netscape, Outlook and Outlook Express it's probably easiest to use X509 certficates. You can use PGP buy you'll first need to download and install the software. There's also a free version of PGP known as GnuPG For regular e-mail I generally prefer using the X509 certificates. For sotware development I tend to use PGP, mainly because I know the tools better.
Ok, so why bother with this?
The short answer? For privacy and to avoid junk e-mail. SPAM is a blight on everyone's e-mail inbox. Using certified mail may allow you to better filter out the junk. If you've accepted someone's certificate then mail from them will be sure to get delivered. If it's junk mail it won't be signed and it certainly won't be a verifiable signature. But beyond spam, if you encrypt the messages you can be assured that nobody other than the intended parties will open or read it. You can also be sure the messages are really coming from that sender.
