Comment by cpach

Comment by cpach a day ago

0 replies

View on Hacker News

Please keep in mind that a self-signed certificate is quite different from a certificate that is signed using a private CA.

The self-signed certificate has no link to a trust anchor. So it’s easy for Mallory to replace it with her own malicious certificate. It’s much harder for Mallory to replace a certificate that is tied to a CA.