
Fal, to KDE in question about gitlab merge request (invent.kde.org)

Your first way was the right way, rebasing

Fal, to Sysadmin in You have a organizational identity right?

Oh. I’m absolutely including a private CA as part of self signed cert. That’s probably my misuse of the term

Fal, to Sysadmin in You have a organizational identity right?

you are unable to protect against MitM and other forgery attacks

Uhh, using a self signed cert doesn’t mean you just accept any old cert… Not every cert is designed for serving content to a browser. You do SSL mutual auth between services using self signed certs

Fal, to Sysadmin in You have a organizational identity right?

Basically with self signed certs, you control the ENTIRE trust chain. When you use existing CAs, any bad actor in any of those CAs can generate certs that you would end up trusting. So it’s less secure because you have to trust a lot more people.

Fal, to Sysadmin in You have a organizational identity right?

but they fix a lot more problems than they cause

I didn’t say anything that disagrees with this. CAs are nice and convenient. They do this by expanding the chain of trust to a lot more people, hence making them less secure.

Sure, if you can’t securely manage your cert, that’s a problem. But that doesn’t mean it’s less secure

Fal, to Sysadmin in You have a organizational identity right?

They’re more secure than CA certs

Fal, to Sysadmin in You have a organizational identity right?

Self signed certs are more secure. You don’t have to trust the whole CA chain
