mmccool
commented
2 years ago - keys are needed for TLS
- in a global network, existing CA-based mechanisms can and should be used
- in local and offline networks, a separate key distribution mechanism is needed in order to use TLS. This is currently a gap, but we should define the requirements here (and mention the section in architecture, and also the recent IETF RFC survey paper on onboarding) (TODO: find actual references)
- discovery may also be needed, explain how this relates to WoT Discovery (which currently focuses on authenticated discovery, but there may be some overlap)
- the scripting API needs an isolated API (for use by the administrator) for managing secure information like keys. See https://github.com/w3c/wot-scripting-api/issues/298