> That's not a constructive argument. I don't see how they could make it work?
Give each one a subdomain that resolves to its local IP, and give it a valid certificate for that subdomain.
> extract them and become able to impersonate some Philips device.
Or the attacker could just have a real, non-impersonated Philips device. If the user deliberately points their browser at the wrong device's site, nothing can save them. This is a very different problem from securing access to the correct site.
> You would have to make all users install a trusted certificate authority tied to their individual device.
That's not true, and I don't even understand what benefit that would have.
If you have a way to deliver a CA, instead you should deliver the correct address of the device. This makes 'MitM' impossible without any downsides.