alt Hacker News> IMO it would be great to have your home router act as a local CA that can only issue certificates for .local domains and have that trusted per default by user agents. Would make smart home stuff a lot better than the current situation...
How would you talk to the router and make sure the communication is actually with the router and not someone else? The browser/lightbulb comes with trusted CAs preinstalled, but then you would have to install the routers CA cert on every device you add to the network.
In the case of WiFi, you use a password and WPA2?
Sure, if someone knows your WiFi password they could set up an "evil" router close to your house with the same SSID and credentials, or they could break into your house and install LAN wiretaps, but c'mon, if you are this paranoid you probably don't even have a smartphone in the first place.