> Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.
Were you ever going to send a link to a bare IP address to your mom?
You can get a free subdomain and programs will automate the certificates as they serve off your desktop. The hardest part of self-hosting is often doing the port forwarding.
> Were you ever going to send a link to a bare IP address to your mom?
When you're in the same house and it's the local IP of your machine? Sure. You could also use the local machine name via mDNS, often with no additional configuration.
That's assuming you can (and know how to) turn off the warnings.
And many browsers do warn for self-signed certificates even on local IPs. They may not warn for unencrypted connections -- which is a weird choice given that TLS with a self-signed certificate is still more secure (e.g. against passive eavesdroppers) than unencrypted HTTP -- but HTTP/3 doesn't support unencrypted connections or self-signed certificates.
Sometimes it's worth considering what the long-term implications of something are.
HTTP/3 is likely to become widely adopted over time, if for no other reason than that people install software updates and it becomes the default once popular browsers and web servers add support. People may even like the new features.
Then we get some new security vulnerabilities that get fixed in HTTP/3 but not older versions, and by then only a minority of sites use the older versions, so they get a warning. That spurs most of the holdouts to switch to the new version because they can't have scary browser warnings driving users away from their site. Which in turn allows the older versions to be fully deprecated and ultimately removed. And that's more likely here because the code for handling TCP and UDP are quite different and people aren't going to want to maintain the former if hardly anybody is using it.
It'll be years before that happens, but if a problem is foreseeable then maybe we should demand a solution contemporaneously with the creation of the problem instead of foisting it on the kids.
The current trend as far as I can tell is that it's easier than it used to be to host a web server. So that also has long term implications.
It's really tricky to predict exactly what web servers will do, but I don't see any reason to think it will ever be hard to set one up. You're fixating on a very specific warning and the way you're extrapolating into the future assumes that half the software changes but the other half doesn't. It just doesn't work well to predict things. And we already have solutions, they're just used less because HTTP/1 is so easy.
Another thing to consider is that the number of household devices that need access is growing rapidly. We're not going to break them all.