I mean, the CA is also self hosted so I’m not sure what you think the extra attack vector is here.
Comment on What is the best trategie to refresh ssh keys?
Anekdoteles@feddit.org 2 days agoSooo, CA unreachable means connection dead, which is a manageable risk. But giving a third party the authority over my SSH access sounds like a great way to make it convenient for state actors to invade my privacy.
AbidanYre@lemmy.world 1 day ago
mik@sh.itjust.works 17 hours ago
CA unreachable means no renewals, but identity verification (login) is offline. As long as certs renewed fine, connection to the CA is not needed.