On 12/22/2021 1:08 PM, Philip
Prindeville wrote:
I see there being limited application (utility) of self-signed certs, since they're pretty much useless from a security perspective, because they're unanchored in any root-of-trust.
They're OK once you take a leap of faith, check the fingerprint, or copy the certificate out of band.
In some senses they are *better* than a CA-based cert, because once established they are not vulnerable to CA compromise.
-- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
