On Thu, 2012-01-05 at 15:09 +0000, Karanbir Singh wrote:
... Keep in mind that you need to have your provisioning happen in a fairly secure environment itself, if you are going to add trust points on signatures like this - specially if they are 'generated' on demand.
Other than installing from a separate network, which is difficult with multiple locations and virtual machines (creating them in a central place then transferring them across the Internet seems unwieldy), what steps can we take to secure the provisioning?