undefined | Better HN

0 pointsnerdile1y ago0 comments

TOFU for invalid/untrusted certificates is the equivalent of "go there anyway" in a browser Very different than explicitly trusting a Private CA. It means that skilled attackers can rely on unskilled users clicking the "trust me, it's fine" button. All so that someone skilled enough to set up their own email server and certificates doesn't have to configure their system securely?

This is about making bad things harder for unskilled users at the cost of raising the standard for service providers. If you can set up an email server, you can use easyrsa or step-ca or some manual openssl to create your own root CA. Or, register your self-signed email server as a trusted root CA.

Personally, I use easyrsa for my internal CA (with domain path constraints because I'm paranoid) and letsencrypt for my mail server, but I require VPN access to the user ports on the mail server.

0 comments

1 comments · 1 top-level

mmd451y ago

you are assuming i have users and this is a mail server not a website which has a very different access pattern more analogous to ssh where TOFU works beautifully.

j / k navigate · click thread line to collapse