In a global network, existing CA-based mechanisms can and should be used.
In local and offline networks, a separate key distribution mechanism is needed in order to use TLS. This is currently a gap, but we should define the requirements here (and mention the section in architecture, and also the recent IETF RFC survey paper on onboarding). (TODO: find actual references)
Discovery may also be needed; explain how this relates to WoT Discovery (which currently focuses on authenticated discovery, but there may be some overlap).