Mixing trust and encryption that resulted in centralized TLS was probably a design flaw. Certificate pinning in DNS is an attractive "fix", but moves the problem up a layer. But DNS is already centralized, so there's that.
> Right now you can self sign on your mailserver and it works just fine
Well .. sort of. Until you have to interact with google or ms mail servers. After an hour of wondering why your mails are getting blackholed, one starts to reconsider one's life choices.
> Right now you can self sign on your mailserver and it works just fine
Well .. sort of. Until you have to interact with google or ms mail servers. After an hour of wondering why your mails are getting blackholed, one starts to reconsider one's life choices.