@jpmens Thanks! This is neat for hosts that you *own*, e.g. where you have control of the CA and access to its private key which one needs for signing hosts/user keys.

The "traditional" known_hosts/authorized keys was made for multi-user systems where you want secure connections between systems where you do not have root privileges.

But nowadays, most usage falls into the first category, I assume. And a CA makes that easier.

Again, thanks for explaining the details.