Even when using certificates, the protocol puts the `alias` separately in the discovery message, so clients will have to try not to let that be spoofed.

(But they can still be spoofed in ways client can't detect, especially if humans verbally verify by alias).