So what I *really* want is a host key that's signed by the systems'
admin key, and I want to tell my users, or rather my default user
setup, "if you see a host key that's signed by _that_ key here, and
if you're connecting to hosts in _these_ domains, maybe print a nice
info the first time you see it in an interactive session, but
otherwise assume it's OK".
i'd agree with this, except i'd say "if you see a host key *bound to
the expected User ID* signed by _that_ key..."
This is because the client should be checking not just that the key is
signed by a trusted authority, but that the authority claims it
belongs to the entity the client is connecting to.
It does raise an interesting question of whether the web-of-trust
should be able to accommodate "only trust key X signatures when they're
bound to User IDs of the following form". This would let you say, for
example, "i trust dkg to identify people/servers within the
fifthhorseman.net domain, but i'd rather not trust his identifications
of anyone else."
Is there a way to represent something like that in the current
web-of-trust architecture?
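For reference, OpenPGP does have a mechanism of this shape: a trust signature (RFC 4880 section 5.2.3.13) can carry a Regular Expression subpacket (section 5.2.3.14) that limits which User IDs the certifier's signatures are trusted for. The following is an added illustration, not code from this thread or from Monkeysphere, of the client-side decision both posts describe: accept a host key only if it carries a User ID naming the host being connected to, that User ID is certified by the admin key, and the admin key's trust is scoped to the expected domain. The certification itself is a constructed HMAC stand-in for an OpenPGP signature (so it runs with the standard library), the `ssh://HOSTNAME` User ID form, the fingerprints, secrets and the regex are assumptions, and `validate_host_key` is a hypothetical name.

```python
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Optional

# --- Constructed stand-in for OpenPGP certification signatures -------------
# A real client verifies a certification with the certifier's public key. To
# stay runnable with only the standard library, a "certification" here is an
# HMAC-SHA256 over (fingerprint, User ID) keyed with the certifier's secret,
# which the verifier also holds. The policy logic below is the part that
# mirrors the thread; the MAC is only a placeholder for the signature.

def certify(certifier_secret: bytes, fingerprint: str, uid: str) -> bytes:
    msg = f"{fingerprint}\n{uid}".encode()
    return hmac.new(certifier_secret, msg, hashlib.sha256).digest()

def cert_ok(certifier_secret: bytes, fingerprint: str, uid: str, sig: bytes) -> bool:
    return hmac.compare_digest(certify(certifier_secret, fingerprint, uid), sig)

@dataclass
class TrustSignature:
    """Models an OpenPGP trust signature with an optional Regular Expression
    subpacket: `certifier` is trusted to identify keys, but only for User IDs
    matching `scope` (None means unrestricted)."""
    certifier: str
    scope: Optional[str] = None

    def covers(self, uid: str) -> bool:
        return self.scope is None or re.search(self.scope, uid) is not None

@dataclass
class Key:
    fingerprint: str
    # User ID -> list of (certifier fingerprint, certification) pairs
    uids: dict[str, list[tuple[str, bytes]]] = field(default_factory=dict)

def host_uid(hostname: str) -> str:
    # Assumed User ID form for a host key; only determinism matters here.
    return f"ssh://{hostname}"

def validate_host_key(key: Key, hostname: str, trust: list[TrustSignature],
                      certifier_secrets: dict[str, bytes]) -> tuple[bool, str]:
    """Decide whether `key` may be accepted as the host key for `hostname`.

    The key must carry a User ID naming exactly this host, and that User ID
    must bear a valid certification from a certifier whose trust signature
    scope covers it. A trusted certifier's signature on some *other* User ID
    is ignored, which is the "bound to the expected User ID" point above.
    """
    uid = host_uid(hostname)
    certs = key.uids.get(uid)
    if not certs:
        return False, f"key has no User ID {uid!r}"
    out_of_scope = []
    for certifier, sig in certs:
        secret = certifier_secrets.get(certifier)
        if secret is None or not cert_ok(secret, key.fingerprint, uid, sig):
            continue  # unknown certifier or bad signature: does not count
        for ts in trust:
            if ts.certifier == certifier and ts.covers(uid):
                return True, f"{uid!r} certified by {certifier} within scope {ts.scope!r}"
        out_of_scope.append(certifier)
    if out_of_scope:
        return False, f"{uid!r} certified only by certifiers not trusted for it: {out_of_scope}"
    return False, f"no valid certification on {uid!r}"

# --- Constructed sample data ---------------------------------------------------
DKG = "C5B6DA9F"                      # constructed fingerprint of the admin key
DKG_SECRET = b"constructed-admin-secret"
EVE_SECRET = b"not-the-admin-secret"  # someone forging certifications

# Trust dkg to identify hosts only inside fifthhorseman.net, the restriction
# the post asks for. The regex is an assumed scope for ssh:// host User IDs.
POLICY = [TrustSignature(DKG, r"^ssh://[^/]+\.fifthhorseman\.net$")]

def make_key(fpr: str, uid: str, certifier: str, secret: bytes) -> Key:
    return Key(fpr, {uid: [(certifier, certify(secret, fpr, uid))]})

def demo() -> dict[str, bool]:
    secrets = {DKG: DKG_SECRET}
    good = make_key("A1A1", "ssh://bar.fifthhorseman.net", DKG, DKG_SECRET)
    elsewhere = make_key("B2B2", "ssh://mail.example.com", DKG, DKG_SECRET)
    forged = make_key("C3C3", "ssh://bar.fifthhorseman.net", DKG, EVE_SECRET)
    return {
        "right host": validate_host_key(good, "bar.fifthhorseman.net", POLICY, secrets)[0],
        "wrong host": validate_host_key(good, "baz.fifthhorseman.net", POLICY, secrets)[0],
        "out of scope": validate_host_key(elsewhere, "mail.example.com", POLICY, secrets)[0],
        "forged": validate_host_key(forged, "bar.fifthhorseman.net", POLICY, secrets)[0],
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:13s} -> {'accept' if ok else 'reject'}")
```

Only the first case is accepted: the second key is validly signed by the admin key but carries no User ID for the host actually being contacted, the third is validly signed but outside the domain the admin key is trusted for, and the fourth has a certification that does not verify at all.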