CSE using Comodo’s server to decrypt doesn’t seem secure at all
Thawte (owned by Verisign) is dropping their free personal e-mail certificates. They stopped issuing them this October and all of them will expire this November. So I started to look around for other free e-mail certs. I ran across Comodo’s offering with their CSE product and got interested but it seems their scheme is only secure if both sender and recipient are using CSE (so certs can be distributed or generated locally to prevent the cert issuer from being able to decrypt an encrypted e-mail).
I was reading through the locked FAQ thread “How does CSE EXACTLY work?” at https://forums.comodo.com/help_for_comodo_secureemail/how_does_cse_exactly_work-t30149.0.html which described 3 scenarios of A sending an encrypted e-mail to B, which were:
- CSE not needed: A already has B’s digital certificate. This is without using CSE and the normal means of using e-mail certs. A simply uses B’s public key to encrypt their e-mail and sends it to B who uses their private key to decrypt.
- A already has B’s digital certificate.
  o CSE not needed.
  o This is the normal (old) means of using e-mail certs.
  o A simply uses B’s public key to encrypt their e-mail.
- A does not have B’s digital certificate.
  o A uses CSE to encrypt their e-mail and can choose how B will read it.
    - Option 1: B installs CSE to read the encrypted e-mail.
      - Supposed fully secure. B is nuisanced with a CSE install.
    - Option 2: B forwards the e-mail to Comodo’s server (web reader)
      - B uses a password given by A (via telephone or letter).
      - Not as secure as B using CSE.
    - Option 3: B forwards the e-mail to Comodo’s server.
      - No password needed by B.
      - Not as secure as using a password. Even less secure than using CSE.
Understand that I see “not as secure” as insecure and “even less secure” as not secure. A having to give B a password harkens back to when A would create a password-protected file (like a .zip file although there are more secure means of encrypting a file) and attach it to an e-mail. Then A would have to somehow separately send the password to B so B could extract the file. However, only A and B were involved and no web reader at a server. I don’t know how the “no password” scheme works since I haven’t yet used CSE but it appears not a secure scheme, anyway. When A doesn’t have B’s certificate, Comodo’s web reader or server gets involved. Since the decryption is being handled up on the server, that means the document is not secure because a 3rd party (Comodo) can read it. The decryption is occurring up on Comodo’s server. That Comodo doesn’t read the contents is their self-imposed choice, not a restriction.
So it appears the only means of actually securing an encrypted e-mail is:
- B sends A a digitally signed e-mail so A can save the public key in it. Then A uses B’s public key to encrypt an e-mail. Only B can decrypt that e-mail using their private key. This is the old X.509 cert scheme. CSE isn’t involved.
- Both A and B must be using CSE which assumably generates keys from Comodo’s server but they are stored locally. The old X.509 scheme is still employed by both A and B (i.e., encryption AND decryption are handled at the clients) and CSE is only involved in the initial process of assigning the keys to sender and recipient. CSE is merely used to automate the key assignment process.
Any other scheme that employs Comodo’s web reader or server to decrypt the e-mail means the e-mail isn’t secure. Comodo is given the encrypted e-mail and Comodo does the decryption so Comodo could retain a copy of the decrypted e-mail. Yes, Comodo is probably trustworthy but a proper encryption scheme doesn’t rely on someone promising that they won’t peek. Even for those that trust Comodo not to peek, hopefully the insecure or not secure decryption schemes for CSE still employ https to secure the traffic between B and Comodo’s server so the decrypted document is sent to B over a secured connection; otherwise, not only is the document not secured against Comodo’s interrogation but it would also be sent as plain text that could be sniffed out in a host anywhere in the route for the connection between B and Comodo.
No more free e-mail certs from Comodo?
With Comodo not (or no longer) providing free personal e-mail certificates (separate of CSE), is CSE still a viable secure e-mail product? I ask because the description of CSE at http://www.comodo.com/home/internet-security/secure-email.php mentions the following:
"How do I get a free Comodo certificate?
You can either use the Sign-Up Wizard on the Certificates tab of the SecureEmail main window, or signup for one at [our website]"
The [our website] link goes to http://www.comodo.com/products/certificate_services/email_certificate.html. There is no mention of a free e-mail certificate on that web page; however, that web page is also under a “business-security” web path and under the “Medium to Small Business” category of product offerings. Even if I visit the Products page, click on “Free Products” which scrolls the supposedly free offerings into view, there is no offering for free digital certificates. So if users cannot separately obtain free personal e-mail certificates, can they still do so using CSE? I actually did not come to Comodo looking to involve more software (CSE) in the e-mail cert scheme but instead to find a free e-mail cert to replace those that are getting dropped by Thawte. As I recall, users could get free certs from Comodo (just the cert, and no software required, like CSE). Guess that got discontinued, too. Perhaps now the only way to get a free personal e-mail cert from Comodo is by using their CSE software. However, I don’t always want to encrypt my e-mails but simply want to digitally sign them (so the recipient knows who sent the e-mail and that it did not get altered during transport). Since CSE seems to be all about encryption, I don’t know that I could use it to just digitally sign my e-mails.
In my searching for a replacement free e-mail certificate, I hit instantssl.com which is owned by Comodo. It has a “Free Secure Email Certificates” link but notice the button says “Try”. I already saw the 90-day cert trial at Comodo’s site and wasn’t interested. I’d have to get another one after just 3 months had elapsed. It was bad enough that I had to renew them once a year with Thawte. I clicked on the “Try” button to see what conditions were mentioned for Comodo’s free cert. Sectigo makes no mention of when the free cert will expire. So I clicked on the “Get it free now” button and read through all the terms but still saw no mention of expiration. It mentions “Certificate Period” but never actually states that time interval.
So I cannot find a free e-mail cert at Comodo’s site (comodo.com) except for some 90-day trial stuff. I had to accidentally hit upon their instantssl.com site to find one but the Try button leads me to believe that I’m just looking at another web page for the same 90-day trial certificate.