http://u.qdnx.org/file/rozzin-20130906T140851-3lfmqvw.html
@bobjonkman, there are ways of ensuring that there is no MITM with self-signed #crypto certs. You just need a trustworthy way of doing the initial cert-exchange, like in-person or via a trusted courier (which is what the certificate-authorities are supposed to be).