I know that each node has its keypair and a name in the Party object. These are collected in the NetworkMap.
My question is that for a more secure deployment, is there a mechanism to approve the creation of keypair-name mapping? We don't want random nodes claiming they are someone they are not (and assigning their key pair to them). In principle, there would have to be one or more trusted party that signs the keypair-name mapping, just like CAs sign HTTPS certificates today.
I also know that the TLS connection cert must match the Party name but that is IMHO not strong enough (in case nodes are not connected directly or TLS is misconfigured). Also it leaves no record in the ledger on who signed the keypair-name association at which point in time. Any plans to implement this or suggestions what would be a reasonable custom design?