Generally it involves some answer that doesn't wait till the device and backend are nearly complete. Security shouldn't be the last step of your equation.
Snark aside, there are lots of white papers on x509 provision of devices, including IoT devices. Go read them.
On the plus side everyone who comes across this subthread will have it in mind the next time a friend talks about this great IoT idea they have. Better culture starts at the bottom with one person sharing a thought with another.
You've gone off on several people now who got the exact same impression rather than accept maybe you're not a flawless communicator. You can't expect more charitable reads from others if you're not willing to be the first to give others the benefit of the doubt. This lashing out is definitely not going to convince people you thought about security in advance.
You broke the HN guidelines badly in this thread. We ban accounts that do that. The rules apply regardless of whether other users are breaking them, how bad their comments are, or how bad you feel they are. We've also had to ask you not to break the site guidelines before.
I really don't appreciate this response. Perhaps I've been overly brief about the background of the product's development, but a lot of effort has been put into security. I've read lots of documents about x509 provisioning. I am curious what people here are doing. Telling me to go read white papers is garbage response.
Snark aside, there are lots of white papers on x509 provision of devices, including IoT devices. Go read them.