Well, TOFU is really just the model for how the chain of trust is established.

In practice there isn’t really trust on first use: there’s verify the key matches what’s expected, or distribute keys out-of-band (including certs).

If that verification step isn’t happening, then it’s not TOFU, it’s just blind trust.

From an automation/autoscaling angle, the same thing shows up again:

1. either keys are pre-baked / distributed

2. or, something signs them at boot

Signing an instance key is just another way of distributing trust. It doesn’t remove the need for a root of trust, it moves it.

Certificates just add extra steps around the same underlying task.

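The distinction the comment draws (verify against an expected value, or distribute a CA out-of-band, versus blind first-use acceptance) in working form. This is an added example, not code from the thread or from Userify: it computes OpenSSH-style SHA256 fingerprints from public key lines and checks them against an allowlist that is assumed to have been distributed out-of-band (for instance baked into the image), treating an unknown host as a failure rather than a first-use acceptance. All key material is constructed for the example; hostnames such as `web-01.example.internal` are placeholders. It also renders the `@cert-authority` known_hosts line that covers the "something signs them at boot" route.

```python
"""Host-key verification against an out-of-band list, versus blind trust.
Added example; all key material below is constructed, not from any real host."""
import base64
import hashlib
import hmac
from dataclasses import dataclass


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return len(data).to_bytes(4, "big") + data


def ed25519_public_blob(raw32: bytes) -> bytes:
    """Wire-format blob that appears base64-encoded in an 'ssh-ed25519 AAAA...'
    line: the type string followed by the 32-byte public key (RFC 8709 layout)."""
    if len(raw32) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)


def pubkey_line(key_type: str, blob: bytes, comment: str) -> str:
    """Render an OpenSSH public key line from a blob."""
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str) -> tuple[str, bytes]:
    """Parse 'ssh-ed25519 <base64> [comment]' into (type, blob), checking that
    the type on the line agrees with the type embedded in the blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    inner_len = int.from_bytes(blob[:4], "big")
    inner_type = blob[4:4 + inner_len].decode()
    if inner_type != key_type:
        raise ValueError("key type mismatch between line and blob")
    return key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass(frozen=True)
class HostKeyPolicy:
    """Expected fingerprints per host, obtained out-of-band (image build,
    authenticated inventory). A host with no entry fails closed: there is no
    first-use acceptance in this policy."""
    expected: dict  # hostname -> "SHA256:..." fingerprint

    def verify(self, host: str, presented_line: str) -> bool:
        want = self.expected.get(host)
        if want is None:
            return False  # unknown host: refuse, do not pin on first sight
        try:
            _, blob = parse_pubkey_line(presented_line)
        except ValueError:
            return False  # malformed key material is a failure, not a pass
        return hmac.compare_digest(sha256_fingerprint(blob), want)


def cert_authority_line(host_pattern: str, ca_pubkey_line: str) -> str:
    """known_hosts line for the CA route: any host key signed by this CA is
    accepted for hosts matching the pattern. The CA key itself is still
    distributed out-of-band, which is the point made in the thread."""
    key_type, blob = parse_pubkey_line(ca_pubkey_line)
    return f"@cert-authority {host_pattern} {pubkey_line(key_type, blob, 'host-ca')}"


# Constructed sample keys: deterministic 32-byte values standing in for real
# ed25519 public keys. They are not usable keys, only valid-shaped blobs.
_RAW_A = hashlib.sha256(b"constructed key for web-01").digest()
_RAW_B = hashlib.sha256(b"constructed key for an impostor").digest()
_RAW_CA = hashlib.sha256(b"constructed host CA").digest()

KEY_LINE_A = pubkey_line("ssh-ed25519", ed25519_public_blob(_RAW_A), "web-01")
KEY_LINE_B = pubkey_line("ssh-ed25519", ed25519_public_blob(_RAW_B), "web-01")
KEY_LINE_CA = pubkey_line("ssh-ed25519", ed25519_public_blob(_RAW_CA), "host-ca")

# The allowlist as it would be shipped with the image (placeholder hostname).
POLICY = HostKeyPolicy(expected={
    "web-01.example.internal": sha256_fingerprint(parse_pubkey_line(KEY_LINE_A)[1]),
})

if __name__ == "__main__":
    print("expected key:", POLICY.verify("web-01.example.internal", KEY_LINE_A))
    print("wrong key:   ", POLICY.verify("web-01.example.internal", KEY_LINE_B))
    print("unknown host:", POLICY.verify("unknown.example.internal", KEY_LINE_A))
    print(cert_authority_line("*.example.internal", KEY_LINE_CA))
```

The two routes the comment lists map onto `HostKeyPolicy` (pre-baked expected values) and `cert_authority_line` (a CA that signs instance keys at boot); in both, what has to be distributed ahead of time is the root of trust, either the fingerprint list or the CA public key.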
I agree. I was just wondering if Userify had a solution for distributing the server signatures to the users.