by AnthonyMouse 644 days ago
> Let’s Encrypt and web 1.0 still work and domains are cheap.

First the newest version of the protocol stops supporting something. Then, over time, most things switch to the new version, and the old version becomes unsupported.

It's a notable change when the new version doesn't support something that the old one does, because that thing is probably going away.

Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

> You can still give your site out on big platforms or use a QR code.

The big platforms don't like to encourage their competitors. Links to off-site content are not likely to be promoted by algorithms.

QR codes imply that you already have access to a large existing network of people in meatspace, which has never been true for most people.

> Users of open social networks can directly transfer value now, with KYC at the on and off-ramps.

How does that work? The internet is global but anyone without a first-world bank account is stuffed. Even when everyone is in the US they can't send even trivial amounts of money to each other without an incompetent/predatory corporation acting as an intermediary.

Meanwhile the theory also doesn't work, because "KYC at the on and off-ramps" is pretty meaningless for any system popular enough for its internal credits to be a de facto currency. But KYC has never really worked anyway. It has, however, caused a lot of trouble for innocent people who just want to be able to transfer small amounts of money for ordinary purchases without being subject to warrantless mass surveillance and the caprice of infuriating bureaucracies.

These are real problems that deserve to be solved rather than dismissed.


> Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

Were you ever going to send a link to a bare IP address to your mom?

You can get a free subdomain and programs will automate the certificates as they serve off your desktop. The hardest part of self-hosting is often doing the port forwarding.

> Were you ever going to send a link to a bare IP address to your mom?

When you're in the same house and it's the local IP of your machine? Sure. You could also use the local machine name via mDNS, often with no additional configuration.

If it's in the same house you can turn off the warnings. Though wait, aren't the warnings already disabled for local IPs?

That's assuming you can (and know how to) turn off the warnings.

And many browsers do warn for self-signed certificates even on local IPs. They may not warn for unencrypted connections -- which is a weird choice given that TLS with a self-signed certificate is still more secure (e.g. against passive eavesdroppers) than unencrypted HTTP -- but HTTP/3 doesn't support unencrypted connections or self-signed certificates.

My argument is just that you can still screw around easily. I'm not worried about HTTP/1 going away soon.

Sometimes it's worth considering what the long-term implications of something are.

HTTP/3 is likely to become widely adopted over time, if for no other reason than that people install software updates and it becomes the default once popular browsers and web servers add support. People may even like the new features.

Then we get some new security vulnerabilities that get fixed in HTTP/3 but not older versions, and by then only a minority of sites use the older versions, so they get a warning. That spurs most of the holdouts to switch to the new version because they can't have scary browser warnings driving users away from their site. Which in turn allows the older versions to be fully deprecated and ultimately removed. And that's more likely here because the code for handling TCP and UDP is quite different and people aren't going to want to maintain the former if hardly anybody is using it.

It'll be years before that happens, but if a problem is foreseeable then maybe we should demand a solution contemporaneously with the creation of the problem instead of foisting it on the kids.