• Fal@yiffit.net
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Basically with self signed certs, you control the ENTIRE trust chain. When you use existing CAs, any bad actor in any of those CAs can generate certs that you would end up trusting. So it’s less secure because you have to trust a lot more people.

        • nickwitha_k (he/him)@lemmy.sdf.org
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          And if you’re not using a trusted CA, you are unable to protect against MitM and other forgery attacks, as well as needing to rely upon a mechanism like TOFU in order to avoid auth fatigue and other human error, which is not great.

          • Fal@yiffit.net
            link
            fedilink
            English
            arrow-up
            7
            ·
            1 year ago

            you are unable to protect against MitM and other forgery attacks

            Uhh, using a self signed cert doesn’t mean you just accept any old cert… Not every cert is designed for serving content to a browser. You do SSL mutual auth between services using self signed certs

            • nickwitha_k (he/him)@lemmy.sdf.org
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              You do SSL mutual auth between services using self signed certs

              If you do, you remove the ability to prove that a service is what it claims to be as this requires accepting its provided cert - that is, authenticate it. You have to trust somewhere, even in a “zero trust” environment. Using self-signed certs for services to communicate means that you have to either have manual involvement every time a service comes up or accept the authenticity of a self-signed cert automatically. Either would be a compromise in security over use of a private CA, not an improvement.

              Again, that works if your only concern is data across the pipes being encrypted during transmission but, it removes nearly all of the other additional security provided by PKI and increases your threat surface. It can be acceptable in some cases, like dev envs or as temporary measures but, with the constant increase in malicious traffic and activity, we’ve got to aim for better.

              • Fal@yiffit.net
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Oh. I’m absolutely including a private CA as part of self signed cert. That’s probably my misuse of the term

                • nickwitha_k (he/him)@lemmy.sdf.org
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Oh! Then you are doing it right. That was basically my entire objection - having A chain of trust is necessary to effectively and securely use certs because you have a mechanism to validate, rather than trust the cert that is presented as authentic. :)