Why open yourself up to this type of attack, if your host turns on say active directory, or anonymous FTP they can bypass getting the tokens from you, and steal them their-selves. Your relying on the minecraft server host to supply a secure environment, and that’s not something you can always depend on. IMO.
How are you going to detect a token being changed, and if so warn the user? If you allow the changing of tokens (which you do incase a token gets deleted by a user due to you telling them), how do you check between the “good”, and “bad” changes.
Your relying on a model of security through obscurity which hasn’t worked for multiple buisnesses, and if you would like I can bring up many sources showing, Security through obscurity is not a secure solution to a problem, someone will always figure it out sooner or later.
So how do you keep these certificates secure from outside use? Say you check this on the client side, isn’t it possible to spoof my IP (which is easy to do), and steal your key, again how do you keep your keys secure? How do you keep the checking process secure? It doesn’t show anywhere in your model any hash checking of files, so I could just replace a file, grab your ssl-key (because I have to verify it so at some point I have to have it to check), and then spoof the ip, and control everyone who uses your service.
See Above about security through obscurity (Example: WoW’s server software has been entirely remade almost perfectly by just looking at packets, something much more complex than this (heck I’ve done it) it can be done with yours).
Of course there are always new security flaws (you aren’t going to achieve end to end encryption). Using security through obfuscation is a proven way of getting your code broken easily. You have no checking to make sure (that you’ve mentioned) about client side verification. Why re-invent the wheel by implementing custom encryption (btw Encryption is an extremely hard math problem, and creating an encryption scheme entirely from scratch will most likely be littered with bugs (plug the client will have to perform the encryption to send to the server, or decrypt at some time, and bugs can be found there)). I admit most other HTTP API’s are horrid. Instead of only getting a tiny bit better (if even that), lets step leaps and bounds. I also have mentioned just a few bugs off the top of my head, though give me a day, and i’ll think of more. Such as the certificate hijacking, and ip-spoofing, invalid security of certs, etc. Without seeing any code. That’s a problem.