And it is even more trivial in a small organization to install a Trusted Root for internally signed certificates on their handful of machines. Laziness isn’t a browser issue.

▲

rlpb 8 months ago | parent [-]

How is that supposed to work for an IoT device that wants to work out of the box using one of these HTTPS-only browser APIs?

	▲	metanonsense 8 months ago \| parent [-]
		I am not saying I‘d do this, but in theory you could deploy a single reverse proxy in front of your HTTP-only devices and restrict traffic accordingly.