> If you trust the user to replace hardware, you permit the user’s hardware to be altered by malicious actors.
The correct way to handle this, however, is to offer to sign the customer's key for a given unit or order, with a mechanism for succession (i.e. simultaneously sign a successor key, and expire the current one).
The correct way to handle this, however, is to offer to sign the customer's key for a given unit or order, with a mechanism for succession (i.e. simultaneously sign a successor key, and expire the current one).