Not just your ISP. If an attacker slipped a device onto your LAN and also you happened to be sshing to a new box for the first time then TOFU poses a problem. But that's an awfully limited attack surface. It's similar to the difference between leaking a fax while it's sent versus leaking years old emails that are just sitting there on an internet accessible server.
As for your ISP I think you should never rely on TOFU over the public internet. If you really don't want to do ssh certs it's easy enough to make the host key available securely via https.
Exactly. We'd had discussions about building https://Userify.com (plug!) around SSH certificates, but elected to go with keys instead, because Userify delivers most of the good things around certificates without the jank and insecurity.
It's not that certificates themselves are insecure themselves, it's that the workflows (as the parent points out) are awful. We might still add some automation around that (and I think I saw some competitor tooling out there if you're committed to that path) but I personally feel like it's an answer to the wrong question.
It's no different compared to regular SSH private keys. You need to protect it from compromise.
However, it provides you an additional layer of protection, because it does not need to be on the critical path for every SSH connection. My CA is a Nitrokey HSM, for example. I issue myself temporary certs that are valid only for 6 hours for ephemeral private keys.
> if the outcome is reliably and deterministically achieved
It's not. My favorite example: due to vibe coding overload literally nobody knows what configuration options OpenClaw now supports. (Not even other LLM's.)
Their "solution" is to build a chat bot LLM that will attempt to configure OpenClaw for you, and hope for the best, fingers crossed. Yes, really.
The openclaw situation is ridiculous. Configuring it is a nightmare, even with 3 different LLMs trying to help. Then I check their docs and it says three different things. Agents will take questions and turn them into a new config file, which consists of made up settings, causing the gateway to crash.
My setup is very simple too, just two agents, some MD files, and discord. Nothing else. These people using it for real work or managing their email and texts are in for a rough ride.
Have you seen the code generated by AI? These things converge on the "1 million lines to make an API call" pattern. They're a lot of things, but certainly not "micro".
Except, apparently, Anthropic - who are doing their darndest to get everyone onboard their tools as a moat. Apparently that's the only strategy to AI stickiness.
And their strategy kind of worked, right? CC is the most popular agentic coding tool. Anthropic faces competition from OpenAI (potentially better model, weaker TUI tool) and from the rest (potentially worse models, weaker TUIs). So their strategy is to develop both: make their closed model and closed tool better than competition so that when people want to vibceode they will choose their ecosystem.
reply