this is 100% correct
… but also, i do wish we had the best of both worlds: ONLY paper ballots are submitted as trustworthy, but with machines that print on paper ballots (so if the machine stops working you can still use a pencil as usual). this ensures that people mark the ballots in a valid way, they can physically look at their ballot paper and ensure it’s what they want before submitting it, and the machine can record its ballots so they can be fed into a computer as a “preliminary” count so results are available ASAP, with the paper ballots confirming validity - the preliminary count is meaningless other than speed; paper ballots are the source of truth
worth repeating the KEEP YOUR PRIVATE KEY SECURE part if you’re trusting a root - if you trust a root, it may be able to issue a TRUSTED cert for other domains (mybank.com, etc.) and leave you open to attack