Hi All, I've been reading through the wiki and I can't seem to find an answer. When one onboards a new device, I can see how ownership is transferred and keys are exchanged. After that a server will register a resource and clients use discovery to find that resource.
What I do not see is anything that would allow a client to verify a server's resource. Once a device is onboarded, are its resources implicitly trusted? The scenario I'm thinking about is Android malware that registers itself as a resource host, and something like a door lock uses the compromised resource host as a delegate. Additionally, how does one programmatically detect and trust what type of device has been added, who made it, and what resources it has?
Thanks for any help pointing me in the correct direction!
Kyle
