In addition to sanddancer's comment, you can also do things like:
- issue ephemeral certificates (with expiration in the near future) to allow a machine to perform an action but only for a certain amount of time (for example: to fetch credentials from a source to store in memory during machine provisioning).
- use client certificates to authenticate your end-users for secure web apps.
- easily build machine-to-machine trust models that take commercial CAs out of the picture.