On Thu, 10 Aug 2017 07:53:16 -0700 Gregory Sloop gregs@sloop.net wrote:
[...] Clearly there *are* issues with trusted CA's. But they also offer some value you can't get with a self-signed cert - especially to people who would connect to your servers, but who have no real relationship with you and thus no reason to have any trust for you or your certificates. [...] Cheers! -Greg
Let me drop all the rest and concentrate on this idea of yours. You really do mean that someone not trusting the issuer of some web site is _protected_ iff this very web uses a certificate from a trusted CA? How should that work out? If someone does not trust me or my certificate he should not use my web at all. The signed-by-CA certificate will not improve the content of the web (or other service) and therefore would be a fake security component anyway if I'd like to harm the visitor somehow. What kind of an argument is this? Really, the quality of the protected service is not linked in any way to the used certificate.
-- Regards, Stephan