Well, it really depends on if you want somebody to trust or not. If you don’t want to trust anybody except yourself, then you can just use Tofu and be good with it. The only reason I brought up using search engines as an index is just to give people a place to look.
If I want to visit CNBC and I’ve never visited them before, I could just go straight to CNBC and trust their certificate right away. Or, if I wanted to confirm that the CNBC certificate was likely valid, I could ask DuckDuckGo, Google, and Quant. And if they all agreed that they had the same certificate that I was getting, I’d be more likely to think that it’s valid.
Well, you can just generate your own SSL certificate on your machine, locally. I believe you can probably do it with OpenSSL. I’ve only done it with my Monero node, and they offer a binary, which will generate a certificate for you. I would just look up how to create a self-signed SSL certificate. My guess is it’s just a few commands in the terminal.
No, I meant the logic where the browser would prompt the user to review and verify the cert for a particular website without consulting a CA. I run some self-signed certs already but I’d love to implement this in my homelab.
Oh, this is certainly complex logic (for the search engine I mean).
Well, it really depends on if you want somebody to trust or not. If you don’t want to trust anybody except yourself, then you can just use Tofu and be good with it. The only reason I brought up using search engines as an index is just to give people a place to look.
If I want to visit CNBC and I’ve never visited them before, I could just go straight to CNBC and trust their certificate right away. Or, if I wanted to confirm that the CNBC certificate was likely valid, I could ask DuckDuckGo, Google, and Quant. And if they all agreed that they had the same certificate that I was getting, I’d be more likely to think that it’s valid.
This is actually a great idea. Is there an opensource implementation of it?
Well, you can just generate your own SSL certificate on your machine, locally. I believe you can probably do it with OpenSSL. I’ve only done it with my Monero node, and they offer a binary, which will generate a certificate for you. I would just look up how to create a self-signed SSL certificate. My guess is it’s just a few commands in the terminal.
No, I meant the logic where the browser would prompt the user to review and verify the cert for a particular website without consulting a CA. I run some self-signed certs already but I’d love to implement this in my homelab.
Oh, that was an idea for a way to do it. Not anything that’s been implemented, or at least not to my knowledge.