Because of the case for absolute simplicity, I think that in a cloud based use-case - it might even make sense to remove the TOFU and make the ssh client even less user friendly; requiring the - expected host key to be passed in on every command by default - would dramatically increase the security of real-world SSH usage. - In order to make it more human-friendly again while keeping the security benefits, + it might even make sense to remove the TOFU and make the ssh client even less user friendly; require the + expected host key to be passed in on every command. + This could finally remove some of the fine-print from real-world SSH usage and make the protocol easier + for the uninitiated to understand. + In order to make it human-friendly again while keeping the security benefits, we can create a new layer of abstraction on top of SSH, create regime-specific automation & wrapper scripts.