[HowardStark]

I think moving OTA updates for embedded devices to project-specific key management rather than relying on web roots of trust should become the norm.

Since your firmware images should themselves be signed and relying on some physical fusing of the key hashes + have some ratchet system, this leaves a web root-of-trust as a liability.

With the setup described above, you could deliver the OTAs signed by some key material that could more easily and/or effectively be made public.