> Especially for local LANs, but also for small websites, there should be a way to use TLS with a self-signed cert to say hey, I'm not making any strong claims of identity or privacy here, I just want some modicum of obfuscation of the traffic. Also, a user should be able to trust a specific cert once on first visit, and then be warned only if that cert changed.

This is asking for trouble. If a site presents itself as https://foo, it should be foo according to global norms of what that means. No self-signed certificates.

What I think is needed is a way for a site to make a claim that it can prove in a decentralized way. Here are some examples of ways this could work:

https://serialnumber.vendor.com

The device has a certificate (with no expiration!) identifying it, signed by the vendor. The vendor provides a new kind of certificate saying that the device cert matches the serial number. The vendor refreshes this certificate periodically. There are thorny issues involving keeping this efficient, revoking problematic certificates, having the client (which likely has Internet access, but maybe not if the device is a router, for example) refresh the certificate if the device itself can’t, etc.

https://something_entirely_local

The origin could be literally a hash of the device private key. Sure, it’s not human readable, but it could be bookmarked. To make this work, routing info needs to be added too, giving, perhaps:

https://iot_device_(hash here)@address_or_domainname/

An IoT device could even have a QR code on it with a link:

https://iot_device_abcd1234@something_5678.local

Bonus points if there’s also a way to fetch pages like this over something like BLE for provisioning.
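The hash-as-origin idea from the comment above, sketched as an added Python example that is not part of the original post: the client checks that the key a device presents hashes to the label in the bookmarked or QR-scanned URL, and treats the address only as routing. Assumptions: the label is a full hex SHA-256 over the device's public key bytes (the half of the key pair a client can see), the `iot_device_` prefix and userinfo position follow the URL shape in the comment, and the function names and key bytes are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

PREFIX = "iot_device_"   # label prefix, following the URL shape in the comment
DIGEST_HEX_LEN = 64      # assumption: full SHA-256 digest, hex encoded


def key_label(public_key_der: bytes) -> str:
    """Label for a device key: prefix + SHA-256 of the public key bytes."""
    return PREFIX + hashlib.sha256(public_key_der).hexdigest()


def make_origin(public_key_der: bytes, host: str) -> str:
    """Build the bookmarkable URL: key hash as userinfo, host as routing info."""
    return f"https://{key_label(public_key_der)}@{host}/"


def verify_origin(url: str, presented_key_der: bytes) -> bool:
    """True only if the presented key hashes to the label carried in the URL.

    The host part says where to connect; it is not used as proof of identity.
    """
    parts = urlsplit(url)
    label = parts.username or ""
    if parts.scheme != "https" or not label.startswith(PREFIX):
        return False
    claimed = label[len(PREFIX):].lower()
    # Reject truncated digests: a short label can be matched by a different key.
    if len(claimed) != DIGEST_HEX_LEN:
        return False
    actual = hashlib.sha256(presented_key_der).hexdigest()
    return hmac.compare_digest(claimed.encode(), actual.encode())


# Constructed stand-ins for DER-encoded public keys (not real keys).
DEVICE_KEY = b"constructed-device-public-key-bytes"
OTHER_KEY = b"constructed-other-public-key-bytes"

if __name__ == "__main__":
    url = make_origin(DEVICE_KEY, "something_5678.local")
    print(url)
    print(verify_origin(url, DEVICE_KEY))  # key matches the bookmarked label
    print(verify_origin(url, OTHER_KEY))   # different key behind the same address
```

In this sketch a short label such as the `abcd1234` in the QR example is read as a placeholder and fails the length check.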