Comment by stephenmac98
Comment by stephenmac98 2 days ago
It's 2024, PKI best practices are well known and well documented, anybody still using a self-signed certs on their mail server (or anywhere) is either lazy or stupid.
Plenty of existing applications will refuse to connect to a self-signed certificate on the belief that allowing the end-user to confirm a certificate offers basically 0 protection against malicious actors.
There is no security hole if I am singing my own certificate for my own mails on my own server; it would mean that I do not trust... myself?
Now if I were to provide this as a commercial service, sure, my customers may be worried.