• Valmond@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 hours ago

    How would that matter?

    Say my website sends you my homemade cert, if you don’t use it you cant communicate with me (or go unsecure).

    Why myst some “trusted entity” emit tjose certificates? They are just a bunch of RSA keys!

    • lud@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 hours ago

      Because there is no difference from your homemade cert compared to anyone else’s homemade cert.

      So if someone else claims to be your website and uses a similar homemade cert there is no way to know that the site isn’t yours.