They've rolled their host key one time, so there's little reason for them to use it on the host side.
Also, I've never had a security issue due to TOFU, have you?
Choosing to use TOFU is a distinct choice from the choice of using the keys generated by SSH, instead of using certificates.
If you do not want to use TOFU, for extra security, you just have to pair the computers by copying between them the corresponding public keys through a secure channel, e.g. by using a USB memory.
Using certificates does not add any simplification or any extra security.
For real security, you still must pair the communicating computers by copying between them the corresponding certificates, through a secure channel, e.g. a USB memory.
When you use for HTTPS the certificates that have come with your Internet browser, you trust that the installer package for the browser has come to that computer through a secure channel from the authority that has created the certificates. This is usually an assumption much more far fetched than the assumption that you can trust TOFU between computers under your control.
thomashabets2•1h ago
I'm guilty of it too. My blog post from 15 years ago is nowhere near as good as OP's post, but if I though me of 15 years ago lived up to my standards of today, I'd be really disappointed: https://blog.habets.se/2011/07/OpenSSH-certificates.html
kaoD•1h ago
I assume you gathered a lot of thoughts over these 15 years.
Should I invest in making the switch?
ibotty•47m ago
There are some serious security benefits for larger organizations but it does not sound as if you are part of one.
thomashabets2•3m ago
In environment where they don't cause frustration they're not worth it.
Not really more to it than that, from my point of view.
papyDoctor•6m ago