Comment by Animats
But how do you distribute the certificates? It's cold-starting peer to peer distributed systems that's hard.
But how do you distribute the certificates? It's cold-starting peer to peer distributed systems that's hard.
This is a general problem with all federated systems.
It's annoying that we don't have a decent solution to this even for home automation. You ought to be able to take a "house ID key", probably a Yubikey, and present it to all your devices to tell them "you're mine now". Then they can talk to each other.
There are military cryptosystems which have such hardware. There's a handheld device called the Simple Key Loader.[1] That's what's used to load secure voice keys into radios, encrypted GPS keys into GPS units, identify-friend-foe codes into aircraft, and such. It's 15 years old, runs Windows CE, has a screen with a pen, and is far too big. The Tactical Key Loader is smaller and simpler.[2] 7 buttons and a small screen. About the same size as a Flipper Zero, but ruggedized and expensive.
[1] https://info.publicintelligence.net/SKLInstructionGuide.pdf
[2] https://www.l3harris.com/all-capabilities/kik-11-tactical-ke...
When you setup the robots you could load them with the PKI and then load each other robot joining with a signed certificate. Not ideal, I admit.
Another way would be to somehow prove that you belong.