I understand the pain of deploying SSL with shrink-wrapped software, but that should not be a reason for us to just say "oh f... it, let's just talk to our devices using plain text and adopt hope as our new security model".
My original statement still stands: with mass adoption of SSL we will have new challenges and will find new solutions.
> but that should not be a reason for us to just say "oh f... it, let's just talk to our devices using plain text and adopt hope as our new security model".
That sounds to me like the exact solution you are proposing.
If I'm selling lightbulbs with webservers built-in in an "only SSL signed by a CA" universe, I can only let people talk to it with plaintext and hope no one breaks in.
Right now I can sell lightbulbs with built-in webservers that people can talk to secretly. And with TACK I could keep someone from dropping in on me.