Re: What problem are the certificates solving?
I believe the OP is suggesting that there is no need for the iPlayer (or similar) chain of trust to go outside the BBC.
iPlayer can ship with Public Key A. It connects to Auntie, does the usual handshake using that key, all is well.
At intervals, Auntie gives iPlayer a new public key B, which it checks and installs locally, replacing the old key. It's safe, because the client has already decided to trust that server and has a well-encrypted link. Repeat until bored.
The only difference is that there's no root cert. So it works as long as the first connection is within the expiry date of the initial download or pre-installation, and it's run often enough.
For bonus points you could do things having like multiple valid keys, expiring each a year or two apart so a given client can't expire two keys at once.
The exact validity periods needed will depend on how long TVs spend on warehouse shelves or otherwise disconnected, but I'm sure there's good stats for that.
Biting the hand that feeds IT
