That's an interesting proposal, but I'm concerned that it sounds a bit like intentionally crippling TLS. Historically, TLS has had all sorts of subtle bugs that could bite you in the ass unless you did things just right. It will take a lot of time and effort to demonstrate that the layered protocol you propose is no less secure than vanilla TLS.
I'm also not sure whether it's a good idea to make it so easy for typical users to add their own CA certificates to smart devices. Such a facility could be easily subverted by criminals and governments to eavesdrop on a large number of users. (Remember when people would XSS themselves on Facebook by pasting crap into their browser console?)
It's just as impossible to open a backdoor for the owner and nobody else as it is to open a backdoor for the FBI and nobody else. So I think there's some value in making it difficult to eavesdrop on your own devices. Perhaps it really should require taking off the cover and attaching a serial console.
I'm also not sure whether it's a good idea to make it so easy for typical users to add their own CA certificates to smart devices. Such a facility could be easily subverted by criminals and governments to eavesdrop on a large number of users. (Remember when people would XSS themselves on Facebook by pasting crap into their browser console?)
It's just as impossible to open a backdoor for the owner and nobody else as it is to open a backdoor for the FBI and nobody else. So I think there's some value in making it difficult to eavesdrop on your own devices. Perhaps it really should require taking off the cover and attaching a serial console.