Certificate authority and its consequences have been a disaster for the human race

Should CA exist in 2k20?

— Me

no. I don’t see a problem in self-signed ceritificates for web to be honest. Instead of relying on CA, browser should remember it’s fingerprint and warn if it was changed.

— a1batross

please add certificate chains and the insane prices from verisign or such that are literally a govt-funded scam :DDDD

— caskd

Ever wondered why you have to pay to secure your website? Or trust whatever ACME is?

There are companies who got their crypto signatures hardcoded in browsers, so the browser automatically accepts that signature without asking you. And you have to renew the cert every year/3 months/dunno. This wouldn’t happen with self signed certs, since you don’t have to renew them ever because… you made them…

When you visit a website that doesn’t have a certificate signed by a shill, you get this:

Browser may say that the website is insecure and shit, but it isn’t: the connection is still perfectly secure between you and the server. Or even stronger, since self signed certs can be whatever you want, RSA8192, ECC512, you name it.

I trust more my friend’s signature than some random corporation, who got their signature hardcoded in browsers.

Why does this thing exist?

Alternatives