One of the big problems with HTTPS is that it's inherently tied to either the public domain name system, or to manual configuration.
This becomes a problem for the internet in general, because things like local network IoT automation controllers for consumers can really only work via some kind of cloud service, or through an app, generally using some kind of proprietary protocol. Many things that are technically possible, just aren't convenient enough, and as a result, there's a huge barrier to self-hosting anything.
One obvious way to solve the "Nobody uniquely owns a LAN or localhost IP" problem, would be to create subdomains that work like blockchain addresses, which CAN be uniquely owned, just without the blockchain.
Suppose a URL could be created based on the hash of a public key. The "owner" of the address is the person who generated the private key, and they can prove it with a simple challenge-response. If you own the key that is embedded in the domain somewhere as a base64, you're almost certainly the one who generated that domain.
After this, they can print a QR code, and invite visitors to a purely local URL like "cafemessageboard.KFmKmryaRbSL1SYhPCD7Jw.192.168.5.6", with all the HTML5 awesomeness, right on the local machine.
The same process applies to subdomains using dynamic DNS services, or static addresses on mesh VPNs like Yggdrasil and CJDNS, greatly expanding the usability of self-hosted software, and it also allows for true localhost cerrificates, should there be a need for something like that to simplify testing.
Since there is essentially no possibility of collisions, it would seem the only big security risks are the same user error issues you get with any web tech(or any tech at all!).
Another benefit is that, were the feature to ever be widely used, browsers could eventually trust self-signed certificates using the format, without any load at all on Let's Encrypt's servers, and devices could generate their own keys, certificates, and domains, fully offline.
With more and more things just dropping support entirely for unencrypted traffic, I think the time is now to start the conversation on the question of securing the local network, without limiting people's capabilities, and I'm sure there are still way too many internal systems out there that should probably be secure, but aren't.