[popcornricecake]

It's not even certificates that's the problem, but trust. And here Google is making exceptions to allow unencrypted connections to private addresses, because trust is hard. If encryption was not tied to trust, then we would have 0 unencrypted connections by now and we would be that much better off.

Making an exception to allow plain HTTP connections instead of making an exception to allow self-signed certificates, seems like the worse choice to me.

[austin-cheney]

Yeah, that is an excellent point. I really wish there were a unique icon for self-signed certificates opposed to other untrusted certificates. Self-signed certificates are not deceptive or malicious but they are not trusted. In a localhost environment self-signed certificates from the host machine are perfectly fine. Even better would be if browsers did not require certificates at all to make use of HTTPS from localhost, 127.0.0.1, or ::1