I get the irony, but if you could magically visualize the entire internet security threat matrix, this would fall so far down the list and his other work is so high in terms of impact, that it would absolutely no sense for him to take even one minute away from his other activities to address this.
Yes, hence my question. I have tried to setup a HTTPS service and it seems incredibly complicated if you have your own domain name. Even with lets encrypt, if you are using github pages for hosting but your own custom domain, you are out of luck. The point is not that he is not serious about security, point is, it is too hard to get normal security correct. And I am not talking about "cryptography is hard". I am talking about tools which should be easy and standardized. Those are hard.
