On 12/22/2021 1:08 PM, Philip Prindeville wrote: > I see there being limited application (utility) of self-signed certs, since > they're pretty much useless from a security perspective, because they're > unanchored in any root-of-trust.
They're OK once you take a leap of faith, check the fingerprint, or copy the certificate out of band. In some senses they are *better* than a CA-based cert, because once established they are not vulnerable to CA compromise. -- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris