
On 15/04/2016 4:51 PM, Rick Moen via luv-main wrote:
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
letsencrypt perhaps? It works very well.
It (https://letsencrypt.org/, a recently invented, automated, no-charge CA) solves the one specific problem it set out to solve, well. And it's commendably well intended & benevolent.
So many wise words, Marian flu or not. Still, I've used self-signed certs too over the years and only occasionally tried out other options .... for me, right now, letsencrypt is better due to how the main browsers are setting up users to distrust anything that doesn't come from a CA (however untrustworthy CAs might be). GPG signed certs, not likely; there are plenty of other considerations, but GPG signing /may/ be part of a greater solution. How about having fingerprints saved in DNS records, self-signed or "official" CA signed certs ? I wish trust in computers (not just CAs) wasn't so broken. :( Cheers AndrewM