by Karunamon 4374 days ago
The likelihood of any one user to be the target of a MITM is vanishingly small. Once that certificate has been accepted, they will be notified if it changes anyways.

Furthermore, the "trust relationship" between a user and a CA is based on nothing more than the CA's say-so. Do you personally trust every cert that your browser does? What about your OS? Trust that they'll never issue a cert they shouldn't? Trust that their operations are secure?

And finally, the self signed CA still protects against passive monitoring and eavesdropping, which I'd say is a much more clear and present threat.

3 comments

Passive monitoring? Sure. Impossible to detect active monitoring? Also yes.

There are literally governments which have used a fake certificate to monitor SSL connections. It wasn't detected for quite a few months.

The difference being that we know the first one is happening right now.

The average user will probably not be MITM'd. There simply are too many users and not enough attackers. Additionally, the attacker must hit the user during their first visit to the site or never.

The average user may well be MITM'd by their own government. Doesn't seem that unlikely any more.

Either way, self signing is not as secure as using a CA and it is not just browsers being picky.

..in which case they'd just compel the CA to cough up a certificate. This does not apply, at all, to the argument for or against self-signed certs.
Depends on the government involved, and on the user, and on the authority.

And then it's still no worse than self signed even in the worst case.

MITM attack is trivial over wifi. And the Snowden files have shown that it is trivial for the NSA too. In fact it is routinely done by the Middle East dictatorships to spy on their dissidents.
A self-signed certificate still has the revocation problem, though.
All certificates have the revocation problem. The revocation mechanisms have serious performance and reliability issues (e.g. what do you do if you can't contact the server?) which means that hardly anybody uses them and most people who do are doing it wrong.
Somewhat short lived certificates (two weeks?) solve most problems around online revocation. But on that timescale a self signed isn't terribly convenient, so you still need some kind of issuing authority / infrastructure.
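
The trust-on-first-use behaviour argued over in this thread (a self-signed certificate is accepted once, a later change is flagged, and nothing protects the first contact), as an added example that is not part of any comment above. `PinStore`, `demo`, the host name and the certificate byte strings are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


class PinStore:
    """Trust-on-first-use store: host -> SHA-256 fingerprint of the DER certificate."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, der_cert):
        """Return 'first-use', 'match' or 'changed' for the certificate a host presented."""
        fp = hashlib.sha256(der_cert).hexdigest()
        known = self.pins.get(host)
        if known is None:
            # First contact: there is nothing to compare against, so whatever
            # was presented (genuine or an interceptor's) becomes the pin.
            self.pins[host] = fp
            self.path.write_text(json.dumps(self.pins))
            return "first-use"
        if hmac.compare_digest(known, fp):
            return "match"
        # The pin is deliberately not overwritten: a change needs a decision
        # made out of band, not silent re-pinning.
        return "changed"


def demo():
    # Constructed stand-ins for DER bytes. Against a live server they could come
    # from ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))).
    site = b"constructed DER bytes: the site's self-signed certificate"
    other = b"constructed DER bytes: a different certificate for the same name"
    with tempfile.TemporaryDirectory() as d:
        a = PinStore(Path(d) / "a.json")
        results = [a.check("example.test", site),    # pinned on first visit
                   a.check("example.test", site),    # later visit, same cert
                   a.check("example.test", other)]   # substitution is noticed
        # A client whose first visit was intercepted pins the wrong certificate
        # and then flags the genuine one as the change.
        b = PinStore(Path(d) / "b.json")
        results += [b.check("example.test", other), b.check("example.test", site)]
        # Pins survive a restart because they are persisted to disk.
        results.append(PinStore(Path(d) / "a.json").check("example.test", site))
    return results


if __name__ == "__main__":
    print(demo())
```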