Verify TLS endpoint
Verify metadata cert is same as transport cert on metadata's source URL (!) or is signed by transport URL?
Case: metadata at a TLS endpoint, metadata is signed with that [that tls?] key pair. metadata signature is self-referential with a newly minted key, the only root of trust is webTLS
Need clarity
Might be two different heretical verification approaches needed
Verify TLS endpoint Verify metadata cert is same as transport cert on metadata's source URL (!) or is signed by transport URL?
Case: metadata at a TLS endpoint, metadata is signed with that [that tls?] key pair. metadata signature is self-referential with a newly minted key, the only root of trust is webTLS