"not any better" seems like an overstatement to me. one security benefit to trust a specific self-signed certificate vs. disabling certificate checks altogether is that the former can be used to ensure the other side is a trusted node of the same organization where a common CA is adhered to.
i don't mind postponing it. i definitely want to eventually follow up on what seems to be a fundamental disagreement on a security aspect.
i don't mind postponing it. i definitely want to eventually follow up on what seems to be a fundamental disagreement on a security aspect.
_Originally posted by @steveej in https://github.com/holochain/sbd/pull/2#discussion_r1578303963_