Allow user-supplied root certificates (weaken security)

I think support for user trusted CAs should be added, maybe disabled by default.

The main reason is:
if I, on my device, add a certificate authority as trusted, it is not your duty to protect me.

And btw I already use it with all other synchronization systems, so I would be compromised anyway.

I think this should be a valid enough reason to allow this, without me (or anybody else) having to explain my specific use case and reason why I want this setup.
Anyway, here it comes: the services I use are inside a private network, with its own DNS resolver and certificate authority; the domains used do not even exist in the www.

  1. I don’t want to (or cannot) register the domains and have to maintain publicly trusted certificates when I don’t need them.
  2. I fully trust the private authority, or I wouldn’t use this private network.
  3. I do not want to (or cannot) open the private network to the outside world only to obtain Let's Encrypt certificates (this being a security issue way worse than the hypothetical MITM attack from a CA that I trust).

If I may add, on iOS I can sync just fine using this domain, so it makes even less sense not having this possibility on Android.

4 Likes