Agreed, that goes to my comment about transportation vs. application layer. Transport security is just one small part of IoT security, of course. It is not a solved problem, but there are a lot of best practices that just aren't addressed most of the time.

To put it another way: Mozilla proposal needs to work with _multiple_ security models. They won't get there overnight.