Trying to avoid belaboring that all root certificates are self-signed in #TLSMastery.
It's in there, sure. But I want to put it on every page. Along with screaming "CAs are a scam!"
@mwlucas while you are rightfully trouncing CAs, are you covering alternatives like DANE? Also do you cover being your own CA and the options for how to do it like setting up your own crl and ocsp server and ocsp stapling?
@mwlucas oh. Something I forgot to mention. One thing I’ve noticed is that I’ve been noticed. I see regular probes to my ocsp server from google, microsoft, and apple