by yalogin 1371 days ago
I don’t understand why the author claims self-signed certificates are safe, that users on the other end can verify for themselves that it’s the right party. Isn’t this exactly not possible for self-signed certs? Anyone can mint a cert in my name, and that is the sole reason why CAs exist.
3 comments

Anyone can mint a cert in your name, but they can't mint a cert with the same details (pubkey) as yours.

Basically... he's arguing for something more akin to old-school email PGP, where you need to have pre-shared details about the other side, and verify them yourself.

Personally - I think that's a non-starter for almost everyone, and is particularly useless for a browser where the details of the cert aren't known until you make a request and establish a TLS connection to the other side. None of them support "Pausing" at that point to let you inspect the cert. So how are you possibly supposed to do the verification as a user? (assuming you can even be bothered, which is the whole problem with PGP in email in the first place)

I think they're saying self-signed certs are ok for encryption IF you can verify it's the right party, not that they're automatically ok.
I don't use self-signed certs for this reason. Instead, I run my own CA to sign my certs.

If you want to use my systems, and want to ensure the certs are correct, you need to get and install a root cert from me personally.

Well, you run one self-signed cert then.
True, but that's no different than any other root cert. It doesn't really count because it's not a cert that's directly used.
Yep, the root of trust has to start somewhere.
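
The point made in the thread (same name, different public key), shown as an added example that is not part of any comment above: two self-signed certificates are minted for the same constructed name `example.test`, and only the one whose public-key hash matches the pre-shared pin is accepted. It assumes the `openssl` CLI is installed; the function names, file names and subject name are made up for this illustration.

```bash
#!/usr/bin/env bash
# Added example: every name, path and subject below is constructed.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Mint a throwaway self-signed cert for the given subject name.
mint_cert() {  # mint_cert <common-name> <basename>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$work/$2.key" -out "$work/$2.crt" 2>/dev/null
}

# SHA-256 over the DER-encoded SubjectPublicKeyInfo, base64-encoded.
# This value depends only on the key, not on the name in the cert.
spki_pin() {  # spki_pin <cert.pem>
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary |
    openssl base64
}

# Succeeds only if the presented cert carries the pre-shared key.
check_pin() {  # check_pin <cert.pem> <expected-pin>
  [ "$(spki_pin "$1")" = "$2" ]
}

mint_cert example.test mine        # the real owner's cert
mint_cert example.test impostor    # same name, different key
pinned=$(spki_pin "$work/mine.crt")  # the value shared out of band

check_pin "$work/mine.crt" "$pinned" && echo "mine: pin matches"
check_pin "$work/impostor.crt" "$pinned" || echo "impostor: pin mismatch, reject"
```

The check is only as good as the channel the pin was shared over, which is the pre-shared-details requirement the thread describes.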