is a self signed certificate always invalid the first time?

Stephan von Krawczynski skraw at ithnet.com
Thu Aug 10 18:11:56 EEST 2017


On Thu, 10 Aug 2017 07:53:16 -0700
Gregory Sloop <gregs at sloop.net> wrote:

> [...]
> Clearly there *are* issues with trusted CA's. But they also offer some value
> you can't get with a self-signed cert - especially to people who would
> connect to your servers, but who have no real relationship with you and thus
> no reason to have any trust for you or your certificates. [...] Cheers! -Greg

Let me drop all the rest and concentrate on this idea of yours.
You really do mean that someone not trusting the issuer of some web site is
_protected_ iff this very web uses a certificate from a trusted CA? How should
that work out?
If someone does not trust me or my certificate he should not use my web at
all. The signed-by-CA certificate will not improve the content of the web (or
other service) and therefore would be a fake security component anyway if I'd
like to harm the visitor somehow.
What kind of an argument is this?
Really, the quality of the protected service is not linked in any way to the
used certificate.

-- 
Regards,
Stephan



More information about the dovecot mailing list