The entirety of web encryption is such bullshit. I am 100% for encryption, it's vital to protect data, and https is a great thing, but why cant I use a self signed cert? Why do I need to be an issuing authority? What utter bullshit.
The fact that browsers deny us access to using our own certs, deny us being the sole proprietors of our public and private key pairs is absolute horse shit. It's a great resource that lets encrypt is now widely trusted, but why the fuck does it take this much effort and momentum to become "trusted", the whole TLS infrastructure is built on a house of cards and no one wants to admit it.
You can't in the general case use a self-signed certificate because TLS is insecure against a realistic attacker without a root of trust that can sign the handshake. This is a basic problem, maybe one of the fundamental problems, of any secure transport, most especially the ones that serve anonymous clients.
You could use a self signed cert, as much as you like.
We just don't have a good place to stash and validate them, so that when I visit your website (or my bank) I know which cert to expect. As soon as you invent this central place, you get the authority back again.
Well, yes, but every browser and http tool is going to have alarms blaring shouting at the user that this site "isn't secure"--which isn't exactly true. A self-signed certificate is no different from one rubber stamped by a CA, the only difference is my self-signed cert is mine and mine alone, and the rubber stamped one I willingly rescinded my keys to a third party.
What's funny (and sad) is we kinda do have a solution. In RFC 6698[1], using DNSSEC, we could use DNS-based Authentication of Named Entities (DANE) to have TLS without a CA, now, unfortunately, DANE is not supported literally anywhere anyone cares about, but we have it, no CA needed. As far as I see it, there is no reason to need a CA.
DANE is a certificate authority, just one baked into the DNS, where nobody has any recourse for misissuance. That's not the reason it failed in the marketplace (it failed because widespread crappy middleboxes maul DANE DNS requests, which means you can't deploy it in a mode without obvious downgrade attacks), but it's the reason nobody is putting much effort into coming up with a second iteration for it that might be workable --- after stapling failed, I think it's pretty much dead.
The fact that browsers deny us access to using our own certs, deny us being the sole proprietors of our public and private key pairs is absolute horse shit. It's a great resource that lets encrypt is now widely trusted, but why the fuck does it take this much effort and momentum to become "trusted", the whole TLS infrastructure is built on a house of cards and no one wants to admit it.