This document is a work in progress.
The solutions outlined here are not intended to be complete. Our objective is to explore the details of the problem, and outline high-level solutions for further investigation and refinement.
The issue being addressed is complex, with serious security implications. But the issue exists because of well-meaning security concerns, which relate to the globally accessible web server use case. This has created a top-down design which to date has neglected the very real use case of connecting securely over a browser to local resources.
We also need to recognise that "trusting an IoT device" is very different to "trusting an Internet web site". The solutions we create should not attempt to shoehorn an inappropriate set of conventions and protocols onto what amounts to a very different use case. However, at the same time we need to recognise that the user does not care. They will want a similar, familiar browser-based experience because that is what they are used to and that is what works.
It appears increasingly likely that to address this security concern, we need to rethink or at least augment how the browser relates to local resources. This may require some fairly fundamental changes to local networking protocols, conventions and the user interface.
To avoid accidentally baking in partial solutions that have the potential to skew the market, the issues need careful consideration.
In particular, careful consideration should be given to the operational role of the manufacturer over time, the long-term points of failure and, most importantly of all, the rights of the user to manage and maintain their purchased devices.
We actively welcome comments and improvements to these documents. In particular, we encourage working prototypes of potential solutions that can be tested for scale and usability.
If the problems highlighted above are of concern to you, and you would like to find out more and are interested in joining the SIG, please get in touch: https://manysecured.net/contact