• nickwitha_k (he/him)@lemmy.sdf.org
    link
    fedilink
    arrow-up
    6
    arrow-down
    2
    ·
    1 year ago

    Correct. If using actual pki with a trusted root and private CA, you’re just fine.

    I took the statement to mean ad-hoc self-signed certs, signed by the server that they are deployed on. That works for EiT but defeats any MitM protection, etc.