On Thu, 2012-01-05 at 15:09 +0000, Karanbir Singh wrote: > ... Keep in mind that you need to have your provisioning happen in a > fairly secure environment itself, if you are going to add trust points > on signatures like this - specially if they are 'generated' on demand. > Other than installing from a separate network, which is difficult with multiple locations and virtual machines (creating them in a central place then transferring them across the Internet seems unwieldy), what steps can we take to secure the provisioning?