[Info-vax] [OT] Zero trust software, was: Re: Rethinking DECNET ?

[JF Mezei]

>> What are the advantages, and disadvantages, of using purchased 
>> certificates vs the ones you can generate yourself?

With a purchased certificate from say Verisign, the other peer can check
with Verisign the authnenticity of your certificate before proceeding
with communication. (aka: make sure you are the one who say you are).

With self signed certificate, there is no way to check authenticity of
the certificate, so you could be an imposter maskarading as someone else.


> Self-signed certificates remove a possible attack vector for the NSA.

Yep. But this is a new advantage now that we know that commercial
certificates, formerly seen as far mreo secure,  are compromised by the NSA.