Web PKI is the standard for verifying server authenticity in IoT device deployments. We highlight its known problems and recent hacks against Web PKI specifically in IoT deployments, and show a blockchain-based decentralized PKI (DPKI) approach that enables devices to fetch pinned certificates directly from the blockchain, solving most, if not all, of the shortcomings of Web PKI. We will present a demo with a Raspberry Pi on the device side and a Firefox extension on the client side, both connecting securely to the blockchain. Previous attempts at light clients either struggled to keep data size small or sacrificed security. We show a new approach that allows even tiny devices such as the ESP32 to connect securely to a blockchain.
Collaborative note: https://hackmd.io/@coscup/Hyr-gQg4r