[michaelt]

> So that any large entity can own your servers with easy.

Eh, let's not pretend existing SSL certificate validation is anything to write home about.

Even without any ephemeral servers involved, barely anybody is validating cert fingerprints on first use.

And among people using ephemeral servers, 99% of applications have either baked a certificate into their image (so that any compromised host means a compromise of the critical, impossible-to-revoke-or-rotate key) - or every new server gets a new cert and users have either been trained to ignore certificate warnings, or they've disabled strict host key checking and their known hosts file.

The existing SSL cert validation options are perfect if you're a home gamer or you're running a few dozen bare metal servers with all your SSL users within yelling distance in the same office. But we all know it's a joke beyond that.