Comment by SAI_Peregrinus

I don't mean to imply it's just the format, merely that they're unrelated. Different file format, different trust model, different threat model. The point is that a device manufacturer or network administrator can trust all devices that have valid certs signed by their internal issuer, and create ways for devices to rotate host keys & request new certs.