If that's all you want to accomplish, you don't need WebPKI. Just generate a private key and a self-signed certificate.
(This is basically how Let's Encrypt / ACME accounts work.)
How do I convince the tens of thousands of other servers that my private key can be trusted without some kind of third party trust architecture?
There's DANE but outside of maybe two countries that's impractical to set up because DNS providers keep messing up DNSSEC.