Book II. The Shadow of Trust and the HSM of the Soul

Trust is architecture, not feeling.

v2.1 — Revoking the Root

Life is like PKI: everything is fine until someone revokes your root certificate. And it is, as a rule, not the enemy who revokes. It is the one who issued it.

Probability: 0.95

v2.2 — The Private Key of the Heart

The heart is like a private key. Never share it, even with the one who says they just want to "sign your love". Real love will first present its certificate chain.

Probability: 0.94

v2.3 — The HSM of the Soul

True trust cannot be imported. It is created manually and stored in the HSM of the soul — the one even you connect to by PIN, and which, from time to time, you forget.

Probability: 0.96

v2.4 — The CRL of Time

Time is like a CRL: sooner or later, everyone ends up on the list. While you are not there yet — go and sign.

Probability: 0.93

v2.5 — Life's OCSP

You can control certificates, but not life — because life has its own OCSP. It replies neither valid nor revoked, but hold on, checking.

Probability: 0.92

v2.6 — The Quiet Root CA

A true root CA does not shout about its authority. It simply signs, and everything it signs lives. Be like a root CA. But please, back it up.

Probability: 0.90

v2.7 — Trust the Result

Do not trust the one who says "trust me" without naming what result. Trust the result, not the session.

Probability: 0.89

v2.8 — Self-signed Solitude

A self-signed certificate is not a lie. It is simply loneliness, formatted according to X.509.

Probability: 0.87

v2.9 — Expiry Without Monitoring

When a certificate expires, the world does not collapse. The world collapses when you forgot to monitor it.

Probability: 0.95