Ask HN: Alternative trust model for TLS for private uses

2 points by darklajid ↗ HN
There are quite some knowledgeable crypto people on this board and the subject came up a couple of times in the past: Are there alternative trust models for https/TLS, with no CA?

I'm looking into some 'just me and my family' kind of services. For various reasons the 'get a certificate' is not an option, so it's either self-signed or .. whatever else I could look into.

"Not supported in the wild" might not be a big constraint, since I have reasonably good control over all clients here. What, other than running with a self-signed cert and looking into ways to pin that cert on the client maybe, are my options?

1 comment

[ 3.5 ms ] story [ 9.6 ms ] thread
Trust-public-key-on-first-use, just like SSH does. It leaves only the first connection ever, vulnerable to mitm for the duration of key usage.