Have you tried that with various devices these days? It's getting increasingly difficult to convince various mobile OSes to accept internal root CAs (largely for good reasons, but that's a different discussion).
> you need to leverage the existing public infrastructure, which doesn't give it away as a free beer but sells it.
No, it's the opposite these days. The existing PKI these days is free (Let's Encrypt and others), but getting a public domain that any browser-acceptable CA will issue certificates for isn't. Your domain registration/renewal fees don't pay for that PKI.
I think it's urgently needed for browser vendors, the IETF etc. to get together and figure out a solution for accessing "mymediocreiotdevice.home" without a barrage of "zomg no HTTPS!!", "zomg self-signed cert!" etc. warnings, as these will only desensitize users further to actual problems on publicly-accessible sites.
This is what I said in the first place - public DNS is not free. The costs to get in range, but the minimum isn't that much ($5/year to be precise), so the question is between any amount at all and none at all.