• Fal@yiffit.net
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    2
    ·
    1 year ago

    but they fix a lot more problems than they cause

    I didn’t say anything that disagrees with this. CAs are nice and convenient. They do this by expanding the chain of trust to a lot more people, hence making them less secure.

    Sure if you can’t securely manage your cert, that’s a problem. But that doesn’t mean let’s less secure

    • partyparrot@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      I think it’s important to distinguish use case. Or make more qualified statements instead of saying self signed certs are always more secure.

      Like, are we talking about a single certificate pair per service contained on your local isolated network? Sure probably then.

      Otherwise, very likely not.