Bootstrapping SSH security

[Saku Ytti]

Hey,

What is the canonical way that SSH security should be bootsrapped. How
are users expected to know if fingerprint is correct or not?
To me canonical way seems that it's not done, at all, only very very
few use communicate the fingerprints somehow.

Are there reasons why we couldn't out-of-the-package trust on SSHFP
when found with validating DNSSEC?
Those few how have higher security requirements could manually turn it
off. I feel it would be net-gain on security, but I may have missed
some important arguments.

Thanks,
-- 
  ++ytti