top | item 35798356

(no title)

aewens | 2 years ago

An analogy may help, imagine the website as a door. A website using HTTP is a normal door and using HTTPS is a door with a lock, where the keyring in this analogy are the trusted CAs by your browser. A website using HTTPS with an expired certificate is a door that should have a lock, but the lock no longer latches; and a self-signed certificate is a locked door with a key left in the doorknob.

From a security perspective, a door without a lock has no expectation of protecting anything. But a door that should lock but doesn’t, or is supposed to be locked but has the key left in the latch is not providing the security expected, and should be given pause when anticipating security from the lock. This is what the browser is trying to translate with its UI.

discuss

cyclotron3k|2 years ago

That makes sense in theory, but you need to think about how the average user is going to perceive these UI choices: we're posting smaller warning for less-safe things. Put another way, the average user is going to be much more concerned about using a website with an expired certificate than a website that has no protection at all.

Put a third way: to the average user, a website behind an SSL-stripping MITM proxy is going to look more trustworthy than a website that forgot to renew their cert.