• JWBananas@startrek.website
    1 year ago

    Are you conflating self-signed and untrusted?

    Self-signed is fine if you have a trusted root deployed across your environment.

    • nickwitha_k (he/him)@lemmy.sdf.org
      1 year ago

      Correct. If using actual PKI with a trusted root and private CA, you’re just fine.

      I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.
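
The distinction drawn in the two comments above, as an added example that is not part of the thread: a certificate issued by a private root verifies against that deployed root, while ad-hoc self-signed certificates do not, and two of them claiming the same hostname differ only in a key the client never checks. It assumes the `openssl` CLI is installed; the names `demo-root` and `app.internal.example` are constructed.

```shell
#!/bin/sh
# Added example; all names and certificates here are constructed, throwaway values.

# Build a private root CA, a server cert issued by it, and two ad-hoc
# self-signed certs that claim the same hostname with different keys.
make_demo_certs() {
  dir=$1
  subj="/CN=app.internal.example"
  # Private root: the trust anchor you would deploy across the environment.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-root" \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
  # Server key + CSR, then a cert signed by the private root.
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/srv.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -days 1 -out "$dir/srv.pem" 2>/dev/null || return 1
  # Ad-hoc self-signed: one made on the server, one made by anybody else.
  for name in adhoc impostor; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
      -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null || return 1
  done
}

# Succeeds only when the cert ($2) chains to the deployed root ($1).
chains_to_root() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# The only identity a non-verifying client can read off a cert: its subject.
subject_of() {
  openssl x509 -in "$1" -noout -subject
}

# Demo run: print the verdict for each certificate.
demo=$(mktemp -d) && make_demo_certs "$demo" && {
  for c in srv adhoc impostor; do
    if chains_to_root "$demo/root.pem" "$demo/$c.pem"; then
      echo "$c.pem: chains to deployed root"
    else
      echo "$c.pem: NOT trusted ($(subject_of "$demo/$c.pem"))"
    fi
  done
  rm -rf "$demo"
}
```

A client that verifies against the deployed root rejects both `adhoc.pem` and `impostor.pem`; a client with verification turned off accepts both, since their subjects are identical.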