-----BEGIN PGP SIGNED MESSAGE-----
Just my humble opinion:
We ran a self-signed CA for several years.
I would claim that in theory this is more secure than using pre-installed
third party CAs. Using a self-signed cert per server might do for small
numbers as well. However, when it comes to user divergence (or when users
coming from a wide range of knowledge and a wide range of devices come
into play), rolling your own is a nightmare of support. As stated by others,
some clients (Web browser, systems, mail clients, ...) make it hard to
install your own certs, Android even claims that the network (all of it from
the interpretation of users) becomes insecure once you install your own
root cert. It looks like more and more clients warn *each* time you
access a server with a self-signed cert.
In the end, the gain of security (identifying servers) was torpedoed by
support and lack of understanding *and* will, even including people one
might think understand the need for extra steps in favour of security.
IMHO, the cert hierarchy today excludes eavesdropping by normal attackers,
but is not suitable to identify servers or clients, because you (aka I)
cannot trust the pre-installed trusted CAs.
If your set of users and devices is small enough that you can prepare all
devices or offer an installation packet (for home users with a fixed set
of clients), rolling your own CA is easy and I would go this way. Alas,
clients *should* mark personally trusted CAs differently than
vendor-trusted ones, so users can see whether they speak with the correct
server or if the server just looks alike, e.g. example.com vs. exampel.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----