This sucks. Matter is a closed ecosystem, enforced using a public key infrastructure (PKI) and device attestation certificates. Thread seems to require paying royalties if you want to ship devices. It’s disappointing that IKEA claims that this move is towards a more open ecosystem.
On top of that, the switch breaks compatibility with existing hardware (except for the Touchlink functionality). If you have a bunch of Zigbee devices, but at some point want to add some of the new ones, you need to start thinking about replacing all the perfectly working Zigbee devices or have a fragmented network.
> If you have a bunch of Zigbee devices, but at some point want to add some of the new ones, you need to start thinking about replacing all the perfectly working Zigbee devices or have a fragmented network.
Yes, if you're using the manufacturer's half-assed smartphone app, but if you're on Home Assistant, like basically anyone who's serious about their smart home, having multiple kinds of smart devices isn't really a problem. It's just one more radio to configure. Some people run both Zigbee and Zwave, some people run Zigbee + Wi-Fi or even Zigbee + Zwave + Wi-Fi + cloud integrations, Home Assistant doesn't care.
Perhaps I never put enough effort into it, but I've slowly coalesced on only having IKEA smart home products after years of acquiring piecemeal stuff and trying to wire it together with Home Assistant. I've shut down HA, and with every non-IKEA "smart" thing I have nowadays I just use the manufacturer's app (though I've become pretty sour on most smart devices overall and avoid them when possible).
I didn't really care for the way it became a sysadmin job where the stakes of a bad update or me not reading some release notes were that my light switches didn't work until I sat there and futzed around with it. I'm a programmer, enjoy Linux admin, run a whole bunch of servers....but having to dive into logs and YAML configs because the lights in my kitchen won't turn off is just not ideal. Similar issues with HomeKit, except when things mysteriously stop working there's even less ability to diagnose, given Apple's design principles that everything "just works", so apparently providing detailed error messages or diagnostics is gauche.
Home Assistant "just works". Yes it has a ton of knobs, but in the 3 years I've been running it, it's had no issues. Certain manufacturer devices being flaky, yes, but as a platform, it's been rock solid. I've not touched its config in over a year and everything works as it should.
I guess the fact that some manufacturer integrations are flaky is hard to reconcile for me as far as the promise of "having multiple kinds of smart devices isn't really a problem". Regardless of whose fault it is, those flaky devices contribute to a less stable system.
It's been a bit since I was operating it, but I did at times certainly have issues with updates—perhaps just individual plugins or system updates that created an issue, either way, still a situation where I had to sit at a terminal and debug. I only ever ran the Docker version, not the OS, so perhaps this is less problematic in a more completely controlled stack.
I don't think I'm alone in this view, broadly speaking: https://www.reddit.com/r/homeautomation/comments/18hvl3b/i_g...
I have been using Home Assistant for more than 5 years. The stability of the system has improved a lot in the last year. I don't recall the last time I had to reinstall or restore a backup.
At the beginning (0.7 or maybe even earlier) I remember to have to reconfigure or reset my instance a few times a year. Those times are long gone.
For my flaky devices, it it not a manufacturer integration, but over Zigbee. It's definitely the device as my other Zigbee devices are solid. Others have reported issues with the device in question (Aqara Temperature and Humidity Sensor)
I ran the docker version on a QNAP for a long time, now on a Home Assistant Green.
I second that. Home Assistant "just works". I have had it running on this cheap used HP EliteDesk 705 G3 Mini Desktop for more than 4 years now without a hiccup and barely any maintenance or hygeing work on it. Just sitting in my tv stand and doing it's work.
https://homeautomation.substack.com/p/setting-up-home-assist...
Curious, do you do HA updates automatically, manually regularly, or “manually once a year or so”?
Not who you asked, but I do it “manually once a year or so” on a HA instance in a container running on unraid. It sometimes causes problems. Recently HACS (not a built-in part of HA but useful to get some extensions) broke on a HA update and I had to spend more time that I would have liked figuring out how to fix it. It involved running shell commands inside the container. Definitely not for anyone who isn't a techie.
Manual, would do it once a month or so. Hasn't broken ever since I have been running HA. I run the full Haas OS btw.
> Certain manufacturer devices being flaky, yes, but as a platform
This makes me a little weary of your comment. I don't think I'd really care if my lights not working was due to a "manufacturer being flaky" if they worked yesterday, but don't today.
Are you talking about devices being flaky on first setup (which sucks, but is understandable), or are you talking about them being flaky after an update?
I think one solid way of handling the instability is to use high quality light automation (Lutron Caseta, for example) for the things you'll really notice, but for stuff you care less about (for me that's cameras, temperature sensors) you can use cheaper ZWave stuff w/ home assistant. The lights turn on and off when I expect, but temperature might update a little less frequently if HA is flaky.
Long tail can be flaky, but in practice as long as you buy devices that are local first IE don't need to access the cloud you'll be fine.
(For temp and humidity sensors the Bluetooth Xiaomi sensors are great and they're about $5 each)
Honestly, for any sensor that's basically just read only, the best thing I've seen is to just avoid all of the bluetooth/wifi/zigbee/zwave entirely, and just use basic tried and true accurite (or similar) sensors that never need updates and just pull the data with rtl_433. Way, way less fuss, they always just work, batteries last longer, by and large zero bullshit.
It's the devices that is flaky. Some of the shitty bulbs I got don't always turn on in one command but that was true via their own app too. Basically shitty devices aren't magically better via home assistant.
If I had to guess, they're probably referring to the way that certain devices broadcast their APIs to external services. A lot of them have no intention of allowing open access to APIs (e.g., my mini-split controller requires a slight hack to get it connected to HA).
That is, the flakiness isn't due to HA updates breaking connections or an unstable server, but rather manufacturers designing closed and/or brittle systems. Try as they might, the HA authors and surrounding community can only do so much for such devices.
Also, I believe the word you're looking for is 'wary' (as in, to be skeptical or suspicious), not 'weary' (as in, to be tired). :)
I have several Aqara temp/humidity sensors that intermittently lose connection. They don't affect the operation/stability of the rest of the HA platform and is not a problem with HA, as my other zigbee devices that report the same data work fine.
I should probably just remove them, but I don't have any automations that depend on them.
Yes it just works, but it's soooo difficult, here's my annoyances:
00. Installation method - you don't flash ISO into your thumb drive, no you boot ubuntu from usb drive, THEN download ISO and THEN flash your boot drive. This caught so many people. RTFM of course but FM should just say this in huge letters - BOOT UBUNTU FROM USB FIRST.
0. Host method - you either run this in docker and don't get like half features (add-on store) OR install HAOS and don't have access to your device anymore. Wanna use your computer for something else? Tough choice.
1. Integrations vs add-ons vs HACS - why is this so complicated. Add-ons only work when you run HAOS, but HACS works on any installation method. I've spent so much time moving from docker to HAOS just to realize HACS store works with with docker.
2. Root - I've succumbed to running HAOS and now I have no idea how to get root remote root access. Yes I can connect keyboard and a monitor which I had to get for this reason only and there's 0 fun to work on basic terminal on a high res monitor where you can't change font size.
3. UI performance - wanna explore data from one of the devices - either select all sensors from it and let UI crash trying to display 50 charts or pick sensor one by one (with broken scroll on desktop app).
4. Copy paste - how did they managed to break this on their desktop app is beyond me.
5. Disorienting UI - whenever I wanna reboot something I'm pissed off. Whenever I wanna find integration or add-on - I'm pissed off. Why there's media and to-do list? Why do I have to enable professional mode to unlock some menu's?
6. Bizarre way of doing things - wanna add derivative sensor? Install file editor, find some file, then fight fucking YAML syntax and then maybe reboot or reload or restart. Good luck! Why I need to add home assistant user and create password for my light switch?
Bonus. They are not selling their own device (which is great way to get started) and offering some cloud subscription which usually is on path of enshitiffication.
And don't get me wrong, there are things that it does't great and is very powerful and useful, but man it is difficult.
Surprised at your issues with HA. Similarly to others that responded, my setup with HA / zigbee2mqtt and >30 zigbee devices (including some ikea buttons) has been pretty rock solid over many years, including easy migrations from an rpi3 -> rpi4 -> rpi5 (with ssd).
Usually when I had some zigbee issue, it was because of a crappy product (eg some wired air sensor that would spam the zigbee network every 1 second with a lot of data), so then I just stop using such devices and before I buy I check compatibility with HA / zigbee2mqtt.
That's exactly the reason I'm hesitant to dive into Home Assistant myself. I want my smart-home devices to Just Work. I want them to be appliances.
View above is bit outdated. Yes, there was a lot of yaml in the past. Right now you can just install Home Assistant OS and configure it from GUI.
The problem I’ve run into is that once you’re running a lot of devices, you inevitably end up with a bunch of automations and logic that can’t really be simplified. With Apple Home/HomeKit, everything Just Works, but having dozens of automation rules and scenes configured in Apple’s low—information-density UI is worse than managing yaml config.
I don't mind the idea of writing configuration. I mind the idea of things breaking mysteriously, or on upgrade.
There is a tradeoff here. If your expectations are high you will always be disappointed with a smart device advertised as an appliance. it’s difficult to customize to make it _actually_ smart if it’s designed as an appliance, because every manufactures app is limited. Even apple home and google home are junk for automating things. It’s OK as a basic dashboard though.
Here are a few “smart” things my home assistant can do in my home, which are impossible with an “appliance”:
- when washer or dryer is done (detected via power monitoring), send push notification. But ONLY send it to the people that are home at this moment. If nobody is home, send it to the person that left home last. (i store this state in a custom _last_person_departure_ variable).
- if the washing machine door was closed after it was emptied, send push notification to the people that are home. Remind them to leave the door open. (front load washer where closing the door leads to mildew)
- If a water leak is detected, send a push notification. if not ACKed within 3 minutes, send a “critical alert” to everyone’s phone.
- If nobody is sitting on the couch (pressure sensor under the cushions), and no media is playing on the tv, turn off the tv after 20 minutes.
- turn on the hallway light if motion detected or if the front door is in an open state. but keep it on if the door remains open (chatting with a neighbor, bringing in packages, etc) Importantly, delay the “turn off” action with a timer and reset that time if more motion detected or the door is re-opened.
- when i’m on a work zoom call, automatically turn on a red light next to my home office, so family doesn’t interrupt.
That’s just the tip of the iceberg. I also get a push notification when the printers ink is below 20%, and more.
Unfortunately a truly smart home requires effort to set up. Because a smart home is unique to YOU. Everyone has different workflows, habits, and preferences. It’s not a generic off the shelf component like buying a washing machine, where the user preferences can be simplified to a handful of settings.
For what it's worth, mine do. Nothing in my HA has ever broken after an update or randomly for some other reason.
I just lived half a year without Philips Hue remote control because it stopped working during an update and I couldn't bother to check why. It was some name change somewhere, might have been an issue with how I set it up, can't even remember. Simple fix but I did have to dive back to the config files.
ZWaveJS used to break frequently for me, but I run an HA container on a Linux box, rather than the HAOS or whatever. I control the updates, and can rollback if things break, so it's not really a problem.
I installed Home Assistant recently and the docs suggest HAOS is the strongly preferred option these days.
Something about HAOS uses docker to install and manage extensions, whereas if you run the HA docker container it can't as docker-inside-docker isn't supported (?), and thus some functionality is unavailable (at least at the surface level).
I'm sure the support burden is much easier on HAOS. I don't use any Home Assistant extensions, I don't even know what they are. I use a number of custom integrations, but I manage them all through github and github actions. I'm doing great with just running the containers with podman - just need to keep ZWaveJS and Home Assistant in sync and I don't run into problems.
What you’re describing hasn’t happened to me yet with Home Assistant luckily, even after 5+ years of running it. I can’t remember an update ever breaking any of my stuff. I’m running a docker container though so YMMV. Might be different with the other install types.
Me neither, but I'm running the HA Yellow dedicated low power hardware instead so I can keep it running off my battery backup longer just so it lasts as long as it can along with my internet during outages.
I use SmartThings and ive never missed with any configs at all. Only ever one single app - smartthings. Ive been extremely happy after dozens of devices.
Same. Their Hub (now sold by Aeotec) does Z-Wave, Zigbee, and Thread. There is also a pretty active plugin community.
I have about 20 Phillips Hue bulbs at home. My younger brother laughed at me for spending a small fortune on them. Approx 1 bulb per year dies and requires a replacement. Other than that everything just works after the initial setup - daylight like automation.
I even once had my wife add a bulb and while it wasn't easy, she did it.
When a year later I asked brother about the some random bulb he had - didn't work anymore.
It's even better, because Norwegian law gives 5y guarantee on electronics - could just have this bulb replaced as faulty in the shop.
It’s not acceptable for any LED bulb, let alone one as expensive as Philips HUEs are, to die so soon.
I also switched from Philips Hue to IKEA. I like how you can pair things by holding them close and pressing a button. Doesn’t need to get smarter than that for me.
I just use Ikea's remote because I won't bother to link the light and the rmote through HA and set up scenes. It just works as a remote: on/off/dimmer. I can either pair the thing with the HA ecosystem or the remote, but the remote always works, regardlesif HA is on or not. I have just one set of lights.
> if you're on Home Assistant, like basically anyone who's serious about their smart home
I would think that as smart homes become more popular the number of people not using the defaults will rapidly decrease and manufacturers will be less and less beholden to them.
I use HA and all my IKEA lamps are zigbee. Raspberry pi obviously doesn't have native zigbee radio support, so I have a USB zigbee antenna. Now this means if I buy any more IKEA lamps, I would need a second antenna, and the new lamps would not integrate into the zigbee mesh network. It really sucks.
I'm in the same boat; HA is making a considerable effort, but connectivity is challenging. I was a bit frustrated when I found out that the antennas don't support both Zigbee and Matter simultaneously, despite the claim. You can only support one at a time, so apparently we will need the second antenna.
Some USB zigbee dongles can be flashed to be "multi-PAN", but my experience is it's currently buggy and I would let them bake that for a bit longer.
Alternatively, both Sonoff and Home Assistant do a thread dongle for about $30 that you can use simultaneously with a zigbee one. Plus if you have any of the following, they can be used as a Thread border router: Apple TV, HomePod, Echo G4, Eero 6/7, Nest Hub, Nest Wifi, Google TV Streamer. There's also the OpenThread Border Router which can be used on certain ESP32 hardware (ESP32-S3 for $10 or ESP32-H2 for $6?) but that obviously requires more work.
Yes, but then you have a hard-dependency on HA for inter-network communication, which I try to avoid as much as possible (but I fail to, for a couple of subsystems). My failure model is:
1) no electricity, everything down but fiber, wifi, HA and the doorbell (they run off an UPS)
2) internet down: no problem, you just cannot reach the home automation from outside
3) Home assistant down: zigbee devices are paired together (like buttons + bulbs) or I have physical zigbee relays controlling dumb bulbs.
But, as said, I have some subsystem not fully working when (3) happens, like a zigbee button controlling a tasmota-based fan control.
I consider it a requirement of any smart home that alternative methods need to be available during failures. Simply having other devices around that aren’t smart, like an old fashioned light bulb and physical switch to get you through until you can fix whatever is down. 100% uptime is very difficult for large, well-funded IT companies, so I don’t think it’s reasonable to expect it from these consumer-grade devices.
We survived for over 100 years by getting up and flipping a wall switch, so the risk of a few hours without smart features shouldn’t be a showstopper.
Lutron Caseta switches don’t use an open protocol and don’t seem to get much love in the fancy consumer-level smarthome space, but have been bomb-proof for reliability for me and work to turn lights on/off as long as they have power.
Yes and no.
Pairing a Matter device takes much longer than pairing a Zigbee device through Z2M in my experience, and the Matter add-on still sometimes needs restarting as it refuses to allow any more devices to pair after a while.
But - rather than need a Zigbee dongle (or manufacturer hub) if you've got Apple or Google devices such as HomePods you've got a ready made Thread network as they act as border routers.
You can configure Zigbee devices to interact directly to each other, without using the hub as a middle-man for all their communication (the hub only does the configuration itself).
This doesn't work when mixing Zigbee+NonZigbee devices.
See: https://www.zigbee2mqtt.io/guide/usage/binding.html
It is still somewhat annoying for those of us with solid walls.
I can't just add a new Thread device at the other side of my house as the walls attenuate the signal between it and the border router. Equally I can't start replacing Zigbee devices willy-nilly in case I create Zigbee dead zones.
Not the biggest problem in the world but it does mean I'll likely need to get some pointless Thread smart plugs as temporary network extenders when I add my first Thread device.
I wish Matter accounted for mixed-mode networks. If a Thread device is nearby, use that. If not, try Wi-Fi.
Depends on your 2.4GHz band's saturation. Where I live I have only a few "good" channels. I have about 350 zigbee devices over two separate networks - and thus two channels - and the remaining good 2.4GHz channels are used by the physically separate IoT WiFi network. I dont want to deal with yet another network that may or may not like the channel I have to put it on.
HA doesn't care but your radio environment probably does. One of the great strengths of Zigbee is the mesh network - it doesn't matter where in my house I dump something, because all my bulbs are Zigbee repeaters it's going to get a signal and be able to route back to my HA box.
If I now get a _single_ Thread/Matter/Zwave device to replace one that's broken, ignoring the cost of a new radio for HA, I have to give very serious thought to where it's going to live vs signal availability as I build out yet another network.
tldr: HA is fantastic for coordinating disparate devices, but RF still bites.
most people don't want to manage a self-hosted server just for interacting with some smart devices in their home
zigbee has one great advantage over everything else: it's immune to DHCP and DNS failures and misconfigurations. if you're running a pihole or something, it can break iot devices in random ways if your DHCP server boots after your access points. (don't ask me how I know and the fix was to hard reboot my lights by cycling power in the distribution box. not great, not terrible.)
Thread doesn’t depend on DHCP or DNS either.
Agree. It’s a hassle to set up once but then you quickly forget about it.
I don't think that is entirely correct.
Just like Apple HomeKit you can add devices that aren't certified. It shows a warning, but apart from that it functions like a normal device (for as far as I can tell).
I have been using https://github.com/t0bst4r/home-assistant-matter-hub to expose my home assistant devices to Google Home without having to expose my Home Assistant to the cloud.
Second, certification is what separates Z-Wave from Zigbee which in my (n=1) experience means less issues in terms of compatibility.
Of course, with that GitHub package I shared all of that goes through the window, but who cares? I can clone the code and modify it.
> Just like Apple HomeKit you can add devices that aren't certified. It shows a warning, but apart from that it functions like a normal device (for as far as I can tell).
Correct.
Yeah and matter needs internet access in many cases. It was supposed to be the saviour of open home automation. But in practice it leaves too many strings attached that the manufacturer can take advantage of.
And despite it not being open enough for open source enthusiasts, it's also got a bad name with manufacturers. I work for one and I asked why we wouldn't implement matter and thread and it was laughed off because apparently marketing will never give up their own app as a data collection and cross selling vehicle. Of course those are exactly the reasons I don't want this.
I didn't even know about the certification that only big players can do and the locked firmware requirements. It's ridiculous. Why were thread and matter hailed as the open revolution when they're exactly the opposite?
Matter doesn't need internet access, it's an entirely local protocol even when you integrate to other vendor ecosystems.
Now, something like Google Home might decide to go online to talk to a Google Home Hub device, which is where Google wants to initiate all Matter communication from, but that's a Google thing, not a Matter thing.
Technically Matter itself doesn't require Internet access, but you'll come across many devices that won't operate (or even join) without a functioning border router. What's in the spec and the lived experience are sort of different here.
But wouldn't the same issue apply to Zigbee in that case?
>Why were thread and matter hailed as the open revolution when they're exactly the opposite?
Subterfuge PR or the subversion of original intention by greed.
Also, wasn’t there recent news that thread was being abandoned by manufacturers, even declaring it EOL? Or am I conflating that with something else?
I remember an interview [1] with the Nanoleaf CEO (they switched to Thread over Matter years ahead of everyone else) about why Thread/Matter was so difficult, why everyone else didn't adopt it, and that they're going to wait for Thread to get better before they launch new products with it.
On the other hand, I believe all the major Thread Border Router manufacturers (Apple, Google, Amazon, Samsung) have updated their Thread routers or committed to updating their Thread routers to Thread v1.4, which is a pretty major upgrade.
[1] https://matter-smarthome.de/en/interview/nanoleaf-ceo-gimmy-...
Yeah, doesn’t sound like EOL to me. Must have been some other IOT/PAN technology.
> Why were thread and matter hailed as the open revolution when they're exactly the opposite?
Because consumers are lazy and dumb, and do not do any kind of research. They believe what is written on the tin. Why is OpenAI called "open"?
But it's not just consumers. I know the tech press hailed it as the end of manufacturer-specific closed systems, and so did some of the developers like the ones from Home Assistant.
> Matter is a closed ecosystem
If "closed" means open to anyone that has their product certified to adhere to the rules, then I'm ok with that.
That's incorrect. Matter is an open standard.
https://en.wikipedia.org/wiki/Matter_(standard)
>the ability to commission a finished product into a Matter network in the field mandates certification and membership fees,[15][16] entailing both one-time, recurring, and per-product costs.[17] This is enforced using a public key infrastructure (PKI) and so-called device attestation certificates.[15]
Thank you for the clarification?
To be clear, this is the same organization that developed Zigbee, which requires paid certification - without, you're not allowed to say the product supports Zigbee or to use the Zigbee logo.
You can connect devices without this, it just shows a warning during commissioning that the device is not certified. No impact whatsoever.
So by analogy, Zigbee is like USB in that it encourages certification through trademarks, while Matter is like HDCP or Blu-ray in that it enforces certification through technical means (cryptographic signatures)?
> …while Matter is like HDCP or Blu-ray in that it enforces certification through technical means (cryptographic signatures)?
It doesn't even enforce that. You are free to use uncertified devices on your Matter network, as hobbyists making their own Matter devices can attest.
Matter is "open" in that it is published. It is not "open" in that you can make a matter device in your basement.
Here is the Silabs explainer on the certification process: https://docs.silabs.com/matter/latest/matter-certification/
> It is not "open" in that you can make a matter device in your basement.
You can! You just can't ship it/sell it without certification.
https://www.reddit.com/r/homeassistant/comments/1adh8ah/esp3...
> It is not "open" in that you can make a matter device in your basement.
I did exactly that last week... Certification is required if you want to use the trademarked logo in your marketing materials (same as with Wi-Fi and Bluetooth afaik).
I didn't believe any of the information in this post is correct.
What a shit load of disinformation you are spreading. Read up on Matter and Thread, please.
Can I make a Matter device for myself?
Yes. https://developers.home.google.com/codelabs/matter-device
Can I sell it without paying a gazillion fees?
Spoiler alert: No. There's a whole bunch of bullshit: https://developers.home.google.com/matter/integration/pair#p...
You can sort of run your own device if you're fine with giving google far too much information and they can block you at any time.
Face it, bigtech has a hardon for closed ecosystems. If they could they'd make it so every computer that wants to send an ethernet packet has a private key blessed by some bigtech cabal which they can revoke, but luckily for us this standard predates this gross new fetish.
Do you extend that criticism to USB, Bluetooth, WiFi, etc.? The alternative and current status quo is every vendor developing their own proprietary, incompatible and insecure protocols. Unless there's a better alternative I am unaware of, Matter is a step towards greater interoperability and openness.
I do, but it's especially grating here because Zigbee didn't have this restriction, and none of your examples actually enforce it technically. I have some Chinese USB devices that are very useful but use an incorrect VendorID. But I don't care, they work great.
And besides, so far I've been able to use 100% of my Zigbee devices with Zigbee2MQTT and it's been wonderful.
Matter has nothing to do with Google except they are supporting the standard. If you care so much about an open ecosystem Google Home shouldn't even matter, you would be worried about Home Assistant support.
Well, there appears to be some link. I'm not clear on what it is, but here are the Home Assistant docs for using a Matter dev board: https://www.home-assistant.io/integrations/matter/#experimen...
> NOTE for Android users: You need to follow the instructions at the bottom of the page to add the test device to the Google developer console, otherwise commissioning will fail.
Anyway, you absolutely should care about Google Home support if you want to sell a device. It'd be ridiculous to sell something that only works with Home Assistant even if I'd personally be perfectly happy with that.
Are you seriously using some footnote about Android as proof that Google somehow has any control over Matter?
branding is not closing.
a closed ecosystem means hermetically sealed: nothing gets in or out. matter is just treating their brand with respect. not different from any other industry standard.
if you're saying "I want all industry standards to become governmental ones", well, I happen to agree.
Isn't that true for ZigBee too? Can you sell ZigBee devices (and market them as such) without paying fees?
There are no technical limitations preventing this.
No technically limitations, just legal ones. Which are famously irrelevant to international commerce?
You cannot legally certify something as Zigbee with paying a fee. This is the same for Matter.
I don't know why you're downvoted, it's the same reaction I had tbh.
Because it's insubstantial and doesn't further the conversation in a healthy direction.
This isn't entirely true, isn't it? I mean, the whole internet runs on a PKI and we need such a mechanism to ensure secure communication across devices in the network. I understand home devices that contain all sort of sensors and actuators should be handled in a similar fashion, isn't it?
I mean, that PKI doesn't exclude non-approved manufacturers from producing Matter devices, you can always trust their PAA (their CA) in your border router if it's not a well-known manufacturer. And also, I am pretty sure that if this is the case the Matter border router should warn you of this and ignore the fact that the PAA is not in the local store of root CAs (as we did in the times when we had https without Let's Encrypt and didn't want to pay Comodo to sign our certs)
You’re partially correct, but you’ve got enough details wrong details that you’re misrepresenting reality.
Matter has a public blockchain with certificates added to enforce which products are considered certified. This is called the distributed compliance ledger (DCL). The hardware devices are expected to ship with certificates on them that match the public ones, and it’s generally not possible to change the on-device certs.
This is distinct from “normal” internet PKI certificate authority where you can just swap out a few files or grab a new cert from Let’s Encrypt. Because this uses a dedicated blockchain with a history of signatures. Depending on how you want to control the device, you’d need to rebuild the whole chain of trust, including eg signatures from Google or Apple.
Also, from a practical perspective, I’m not sure of any actual controllers that let you point to different certificate sources. You can create devices with a “test vendor ID” (0xFFFF) and the controllers are supposed to ignore certs. This has downsides, like OTA updates require signing, you can’t encode proper identifiers in the device so info pages in apps are wrong, etc.
Also, the “border router” isn’t really the point of trust here, it’d be the actual controller device. A border router is just that, an IP router, like a WiFi router or a Ethernet router.
https://webui.dcl.csa-iot.org/