@Moon @duponin trust on first use is not much better than unencrypted. you can't even tell if a certificate was simply renewed, or if you're being MITM'd. and while CAs aren't ideal, they do a better job at ensuring authenticity than just having no mechanism for that at all. ideal would be kinda what tor does so a CA wouldn't be necessary