[lxgr]

Then only allow self-signed certificates for literal IPs or those on .local (and other private/reserved TLDs).

Right now, .local is completely impossible to encrypt, as well as impossible to use “secure origin” APIs on, which is a shame.

[stackskipton]

.local also hasn't been best practice since 2005. Current recommendation, because of Certificates is to use internal only subdomain of domain you have control over.

[lxgr]

What? .local is the dedicated TLD for Zeroconf/Bonjour/mDNS! How is that deprecated?

And you’re just reconfirming my point: All of these recommendations are great for publicly hosted sites or corporate environments, but largely impracticable for home users that don’t know how to, or don’t want to, have a second job as sysadmins.

[stackskipton]

Home users also don't have IMAP servers they run themselves. They are in public email service.

[lxgr]

I don't think it's crazy for a NAS to provide an IMAP server, e.g. to backup or archive a large mailbox.

One of the selling points of a NAS is that storage is much cheaper than what the large cloud providers charge per GB and month.

[stackskipton]

Cool, you don't but obviously you don't deal with a ton of normal users. They are not running NASes, they will just toss Google some cash for bigger GMail box.