Certificate trust
How Kochab handles self-signed TLS certificates without sending keys to an unknown host.
Self-signed certificates are common in homelabs. Kochab uses explicit fingerprint trust so a known certificate can work without disabling TLS safety for every host.
If a certificate changes later, Kochab treats that as a security event and asks you to verify the new fingerprint before sending credentials.