My WiFi is shared with my family, and my siblings have friends come over sharing the WiFi password carelessly. Anyone of those guests could have a rogue device and not even know it.
My brother has his own PC and I'm concerned about my brother's ability to keep his PC clean.
I have servers running on my LAN and I use self-signed certs for them.
Considering how many connected devices are on my LAN that I do not control, does this mean my self-signed certs are potentially useless and my secure comms are potentially useless?
How can I solve this without needing FQDN and CA == (let's talk about fingerprinting)?
I know the first step towards a solution would be VLANs to containerize non-trusted guest devices. However, there should be a way to have trust with a self-signed cert even when there are rogue devices in the network (enter fingerprinting).
I really want to understand fingerprinting and how I can manually crosscheck keys to know if there is a MiTM.