Re: Any advantage of using SSL with a certificate of authority? - Mailing list pgsql-general

From Robin
Subject Re: Any advantage of using SSL with a certificate of authority?
Date
Msg-id BLU0-SMTP16944A5E8647FD4D2BF0496E2EC0@phx.gbl
In response to Re: Any advantage of using SSL with a certificate of authority?  (Andrew Sullivan <ajs@crankycanuck.ca>)
Responses Re: Any advantage of using SSL with a certificate of authority?
List pgsql-general
There is a downside to self-signed certificates.

  1. A self-signed certificate can be issued by anybody; there is no way of authenticating the issuer.
  2. Distributing self-signed certificates becomes a pain - if signed by a CA, it's easy to lodge your public key where everybody can find it, and knows where to look for it.
  3. Maintenance becomes a problem.

I only use self-signed certs for testing.

Robin St.Clair

On 26/11/2013 19:34, Andrew Sullivan wrote:
> On Tue, Nov 26, 2013 at 02:18:58PM -0500, Vick Khera wrote:
>> Using self-signed certs you can give them longevity of 10+ years, so never
>> have to worry about them again :)
>
> Unless of course you turn out to have a weak algorithm and, say, No
> Such Agency decides to take up residence on your network.  (It's not
> clear that CAs are any protection against that either, though, of
> course.)  In general, 10+ years is probably too short a time to be
> using a cert unless you are completely certain to whom it could be
> exposed.  (Some would argue that if you had that certainty, you might
> not need TLS/SSL anyway.  I guess I'd respond that you could use TLS
> anyway because it would help in case of a network compromise.)
>
> Best,
>
> A

