Comment by shakow 2 days ago
There is no security hole if I am signing my own certificate for my own mails on my own server; it would mean that I do not trust... myself?
Now if I were to provide this as a commercial service, sure, my customers may be worried.
"This is good enough because I don't expect anyone other than me will use it" is lazy.
What would happen if you connected to your mail client today and you got prompted "Trust this certificate?" showing a certificate with the same subject as the one you generated? Most people would click trust and get MITM'ed.
Allowing self-signed certificates significantly lowers the bar when it comes to generating a new certificate which can closely resemble an existing certificate.
Beyond that, the management of multiple trusted certificates creates all sorts of room for confusion in an environment. Presumably most services that you run, run over TLS. Do you really maintain every certificate both on its application and on everything which needs to connect to it? That's a huge amount more effort than signing all your PKI with an internal CA, then configuring your connecting applications to trust that CA.
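
An added illustration of the internal-CA point above (not part of the thread): a client that trusts only the CA accepts the issued server certificate and rejects a self-signed one carrying the same subject, with no trust prompt involved. The hostname, the CA name and the helper function names are constructed for this demo, and it assumes the `openssl` CLI is installed.

```bash
#!/usr/bin/env bash
# Added example. Every name here (mail.example.internal, "Demo Internal CA")
# is constructed for the demo; keys are throwaway and live in a temp dir.
set -eu

SUBJ="/CN=mail.example.internal"

build_demo_pki() {   # $1 = output directory
    # Internal CA: the single root that clients are configured to trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Internal CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    # Mail server certificate, issued by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "$SUBJ" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/srv.pem" 2>/dev/null
    # Second certificate: self-signed, same subject, different key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}

subject_of()     { openssl x509 -in "$1" -noout -subject; }
fingerprint_of() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
# What a client configured with only the CA does: accept iff the chain verifies.
trusted_by_ca()  { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

DEMO_DIR=$(mktemp -d)
build_demo_pki "$DEMO_DIR"
for c in srv other; do
    if trusted_by_ca "$DEMO_DIR/ca.pem" "$DEMO_DIR/$c.pem"; then v=ACCEPT; else v=REJECT; fi
    # Same subject on both lines; only the chain check tells them apart.
    printf '%-6s %s  %s\n' "$c" "$v" "$(subject_of "$DEMO_DIR/$c.pem")"
    printf '       %s\n' "$(fingerprint_of "$DEMO_DIR/$c.pem")"
done
```

Replacing the server certificate later only requires issuing a new one from the same CA; the clients' trust configuration does not change.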