Comment by denkmoon

Comment by denkmoon 2 days ago

0 replies

View on Hacker News

>"This is good enough because I don't expect anyone other than me will use it" is lazy

is both a mischaracterisation of the argument, and wrong. It's not lazy, it's a choice with pros and cons. Just because you don't like it does not mean it is lazy. Again, issuing your own certificates is a choice.

Allowing self signed certificates does not "significant lower the bar". Did you know that all root certificates are self signed?

The management of multiple trusted certificates is basic administration for large private networks. Yes, TLS and certificate management can be complex, but that is not a good argument for disallowing it, and the idea that managing your own certificate trust is against "best practices" is ludicrous.