| My harebrained idea for this: - let companies register a wild card domain in the .local (or a newlocal) namespace: .acme.local - designate the acme company with the ability to issue certs that never expire for any name in ".acme.local" but the browser will refuse to use certs signed with that key for anything outside "*.acme.local" pros: - the acme company can now make equipment that the users browser can connect to over an encrypted channel with zero config on the user's part - the equipment can live off the internet indefinitely - if the acme company is breached, and their signing key is stolen, the attackers can only use that key to impersonate acme company, it doesn't allow them to impersonate any other domains cons: - the browser manufacturers don't care about this use case so its never gonna happen - the cert on the device never expires... and can never be replaced automatically somehow. I think the only workaround is acme could enable users to load their own certs if they are so inclined, but that shouldn't be required. |