by dfc 897 days ago
Saying that it is like WPA3 Enterprise after the initial pairing is somewhat unfair. The trust in the initial pairing is a large part of the draw. The trust-on-first-use model you describe is similar to using a self-signed certificate on a website. Sure, after you connect and trust the self-signed certificate, your connection to the server can use the same algorithms that it would have used with a trusted CA. But for large deployments there is something to be said for being able to trust that you are connecting to the right infrastructure.

SSH does mostly fine with trust-on-first-use.
It is really not. It's only fine if accessing the wrong machine is considered less bad than access by an unauthorized user. Depending on what you'd upload or download, that assessment might differ.