TL;DR: Fuck certificate authorities, I’ll be my own authority.
I’m not rich, despite that whole story about software engineers making shit tons of dough. So when I had to make up my mind about buying a certificate, the first thing that stuck out to me was price. Now, mind you, there is no reason why these certificates should all be different prices in the case of single-domain SSL certificates from a provider. My thinking is because of the nature of certificate authorities1 was noble as first, having a central authority that we trust to ensure that the sites and services we interact with are encrypted. Now it’s become a fucking war of money, charging people for generated bits of data that someone else can generate (thought not the same exact set) but provide equivalent security. Yes, I said equivalent security since the only thing that’s changing would be the source of trust. And I trust myself more than some unbodied person on the Internet.
This isn’t providing a solution for anything to be honest. But I’ll have a follow up post about my personal CA for my personal use. This’ll include email amongst other things. And it’s a freaking stop gap solution until our friends at the EFF can get our alternative up and running. That and the introduction of HTTP/2 should lead to more secure implementations of a system we’re beginning to put more and more of our lives into.
If there’s one thing taken away from this, it might be an indicator of my “cheapness”. Maybe I am. But I still can’t see how all of this money for certificates isn’t being used right. I did say I was naive.
I’ll call them a CA from here on. ↩