Firefox SSL-Certificate Debate Rages On

BobB-nw points out the ever more raucous debate over the way Firefox 3 handles self-signed certificates. The scary browser warnings have affected a number of legitimate sites (such as Google AdWords and LinkedIn) that didn't renew certs in time. Lauren Weinstein loudly called attention to the problem early in July. "If you visit a website with either an expired or a self-signed SSL certificate, Firefox 3 will not show that page at all. Instead it will display an error message... To get past this error page, users have to go through four different steps before they can access the website, which from a usability standpoint is far from ideal. This way of handling websites with expired or self-signed SSL certificates is bound to scare away a lot of inexperienced users, no matter how legitimate the website is."

Security Is worth It With all the Troll Sites

[curmudgeon99]

With all the sites out there just looking to steal information from you, and to introduce Cross-Site scripting elements, this is a good idea. I want my browser to warn me when I'm going into uncertain territory. And if a website owner screwed up and did not renew their certs--to hell with them. We're supposed to accept a security risk because they couldn't get off their asses as renew? I don't think so.

Re:That's the point.

Because not all of these sites are questionable...
All it does is force these sites to buy certificates from the existing ssl certificate cartel.

Your site isn't questionable, but the business or sysadmin behind it IS. I'm sorry, but when you find you want/need to run SSL encryption, an SSL cert is around $150/year. Not exactly extortion when you consider all the other expenses to run a website (hardware, OS licenses, bandwith).