2019-03-17 UTC
# Zegnat Hmm, assertions look to be dependent on prior established trust. From skimreading the RFC. E.g. I requires assertions to be cryptographically signed to stop tampering, but the only way to verify such a signature is through prior exchanges. Or you need to tack on some sort of key discovery system.