Garrett: We need better support for SSH host certificates
Matthew Garrett looks at the recent disclosure of GitHub's private host key, how it probably came about, and what a better approach to key management might look like.
The main problem is that client tooling just doesn't handle this well. OpenSSH has no way to do TOFU for CAs, just the keys themselves. This means there's no way to do a git clone ssh://git@github.com/whatever and get a prompt asking you to trust Github's CA. Instead, you need to add a @cert-authority github.com (key) line to your known_hosts file by hand, and since approximately nobody's going to do that there's only marginal benefit in going to the effort to implement this infrastructure. The most important thing we can do to improve the security of the SSH ecosystem is to make it easier to use certificates, and that means improving the behaviour of the clients.
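The quoted passage hinges on the known_hosts format: a plain `hostname keytype key` line pins one raw host key (the TOFU model), while a `@cert-authority` line trusts any host certificate signed by the named CA for the listed host patterns. The script below is an added example, not code from Garrett's post or from LWN, that parses a known_hosts file and reports, per host, whether trust rests on a CA, on a pinned key, or on nothing, and that builds the `@cert-authority` line an operator would otherwise write by hand. It assumes only the known_hosts syntax documented in sshd(8) (markers, comma-separated host patterns with `*`, `?` and `!`, and `|1|salt|hmac` hashed hostnames); the key material and hostnames are constructed placeholders.

```python
"""Audit an OpenSSH known_hosts file: certificate-based trust vs pinned keys.

Added example; the known_hosts layout follows sshd(8). Keys below are
constructed placeholders, not real public keys.
"""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Entry:
    marker: Optional[str]   # "@cert-authority", "@revoked" or None (pinned key)
    patterns: List[str]     # host patterns, e.g. ["github.com", "*.github.com"]
    key_type: str
    key_b64: str


def parse_known_hosts(text: str) -> List[Entry]:
    """Parse known_hosts lines into Entry records; skips blanks, comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed: needs hostnames, key type and key blob
        entries.append(Entry(marker, fields[0].split(","), fields[1], fields[2]))
    return entries


def hash_hostname(host: str, salt: bytes) -> str:
    """Produce the |1|salt|hmac form written by 'HashKnownHosts yes'."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def _hashed_matches(pattern: str, host: str) -> bool:
    try:
        _, _, salt_b64, digest_b64 = pattern.split("|")
        salt, digest = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    except ValueError:
        return False
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), digest)


def _glob_matches(pattern: str, host: str) -> bool:
    """OpenSSH host patterns only know '*' and '?', so do not use fnmatch's [..]."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None


def host_matches(patterns: List[str], host: str) -> bool:
    """True if some pattern matches and no negated ('!') pattern matches."""
    matched = False
    for p in patterns:
        if p.startswith("|1|"):
            matched = matched or _hashed_matches(p, host)
        elif p.startswith("!"):
            if _glob_matches(p[1:], host):
                return False
        elif _glob_matches(p, host):
            matched = True
    return matched


def classify(entries: List[Entry], host: str) -> List[str]:
    """Sorted trust bases for host: 'certificate', 'pinned-key', 'revoked'; [] if unknown."""
    bases = set()
    for e in entries:
        if host_matches(e.patterns, host):
            bases.add({"@cert-authority": "certificate", "@revoked": "revoked"}.get(e.marker, "pinned-key"))
    return sorted(bases)


def cert_authority_line(host_patterns: str, ca_pubkey: str) -> str:
    """Build the @cert-authority line for a CA public key in 'keytype blob [comment]' form."""
    key_type, key_b64 = ca_pubkey.split()[:2]
    return "@cert-authority %s %s %s" % (host_patterns, key_type, key_b64)


# Constructed sample data (placeholder key blobs, not real keys).
CA_PUB = "ssh-ed25519 AAAAC3PLACEHOLDERCAKEYBLOB ca@example"
PIN_KEY = "AAAAB3PLACEHOLDERHOSTKEYBLOB"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    cert_authority_line("github.com,*.github.com", CA_PUB),
    "gitlab.example.org ssh-rsa %s" % PIN_KEY,
    "%s ssh-ed25519 %s" % (hash_hostname("internal.example.org", bytes(range(20))), PIN_KEY),
    "@revoked old.example.org ssh-rsa %s" % PIN_KEY,
])
ENTRIES = parse_known_hosts(SAMPLE_KNOWN_HOSTS)

if __name__ == "__main__":
    for h in ["github.com", "api.github.com", "gitlab.example.org",
              "internal.example.org", "old.example.org", "nowhere.example.org"]:
        print("%-22s %s" % (h, ", ".join(classify(ENTRIES, h)) or "unknown"))
```

Running the script lists which hosts would be accepted through a CA (so a host key rotation signed by the same CA needs no client-side change), which rely on a single pinned key, and which have nothing. Replace `SAMPLE_KNOWN_HOSTS` with the contents of `~/.ssh/known_hosts` to audit a real file; the `@cert-authority` line printed for GitHub is the one Garrett notes users must currently add by hand.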