|
|
|
|
|
|
by oalae5niMiel7qu
1255 days ago
|
|
|
An expired certificate _is_ a soft error, and in most cases nobody gives a fuck. For example, if HN's certificate expired and my browser absolutely prohibited access to it on the basis of that, I'd switch browsers because there's literally nothing at stake if somebody is able to read my traffic to or from this unimportant site. There's even less at stake when it comes to the cryptographic security of some blog. I literally don't care if someone can read the blog entry as I download it from its publicly-accessible URL. On the other hand, if my e-mail provider's certificate is expired, there's a little more at stake, and there are other services where the HTTPS security being broken can cost me money. Those I do care about. |
|
|
> There's even less at stake when it comes to the cryptographic security of some blog.
This would only be the case if ISPs were not adversarial. In the US - for most people - They are, though.