Questions about legacy apps/req.c code
openssl at jordan.maileater.net
Wed Dec 22 21:13:02 UTC 2021
On 12/22/2021 1:08 PM, Philip Prindeville wrote:
> I see there being limited application (utility) of self-signed certs, since they're pretty much useless from a security perspective, because they're unanchored in any root-of-trust.
They're OK once you take a leap of faith, check the fingerprint, or copy
the certificate out of band.
In some senses they are *better* than a CA-based cert, because once
established they are not vulnerable to CA compromise.
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users