> This one. Realistically all those devices are depending on external services already.
This is codifying (IMHO) bad practices and a really brittle architecture. Why would you want this? One of the reasons IoT security is a mess is that devices need to talk to internet endpoints instead of staying inside the NATted, firewalled LAN.
I think the NATed, firewalled LAN is an untenable concept: it blurs the line between private and public, a line that security requires us to make clear and sharp. If it's connected to a network, it's exposed enough that we should treat it as connected to a public network (which greatly simplifies our threat model); if it's not secure enough for that, it needs to be built as local-only hardware.
I agree. So what's the solution you propose?
- Using a self-signed CA that you have to install on all your devices?
- Using a trusted-by-default CA, which makes your internal-only devices depend on an external service (the CA)?
Or something else?
I'm not saying that encrypting the traffic in a LAN is useless. I'm saying that https and the current CA system is not the solution.