Shows how to exchange a privately signed blob for a publicly signed blob.
Think about that, again.
Two peers may wish to use their privately signed blobs to create a private trust channels (that induces secure channels, when such as the ssl handshake leverages that authenticated key distribution).
To initialize that private trust, one borrows (and then abandons) the public trust that introduces the security critical private trust parameters to the parties.
Assume SSL handshake uses the private blobs. To get the verification keys into the trust stores of the peers, borrow the resigning of the blob by a public trust provider. Then drop further use of the bootstrap token.