Posted by Sebastian on Apr 15

Am 2016-04-14 16:19, schrieb Reindl Harald:

I don’t. But even if you roll your own CA, you’ll have a hard time
avoiding someone with a wildcard CA (updater, every other page you open,
…). Also, to use <keygen> you need to have a secure connection
beforehand (or use http, which would make every MITM happy). Now it is
possible to work around this, too, but then you may as well use fully
encrypted channel.

The actual point…