Questions about legacy apps/req.c code
Jordan Brown
openssl at jordan.maileater.net
Wed Dec 22 21:13:02 UTC 2021
On 12/22/2021 1:08 PM, Philip Prindeville wrote:
> I see there being limited application (utility) of self-signed certs, since they're pretty much useless from a security perspective, because they're unanchored in any root-of-trust.
They're OK once you take a leap of faith, check the fingerprint, or copy
the certificate out of band.
In some senses they are *better* than a CA-based cert, because once
established they are not vulnerable to CA compromise.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211222/952e48af/attachment-0001.htm>
More information about the openssl-users
mailing list