On Wed, Mar 29, 2023 at 06:59:42PM +0000, Slavko via Exim-users wrote:
> Why in hell is a certificate signed by the same (anonymous to me)
> group (meaning a CA) considered secure, but a certificate signed by
> my own CA is not? Only because someone (again anonymous to me)
> decided that these "public" CAs are "good" and added them to the
> system's list of CAs... And what are these "root CAs"? They are the
> same self-signed certs as anyone else can generate.

One can generate self-signed certs for 2 cents, but you can't generate trust for that amount of money. Trust in public CAs can be measured by the cost of the related risks and business, starting from hundreds of thousands of dollars.

> How can you know that these "public CAs" did not sign a rogue
> certificate? (search the net for examples)

Such questions are pointless while the cost of your data is less than the cost of trust in public CAs. Nobody wants to sign a "rogue cert" for your 2 cents. If you don't trust public CAs, use your own for peer-to-peer communication. But you can't force other people to change their minds by paying 2 cents.
-- 
Eugene Berdnikov

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/