Wow, the tone of the discussion here is, um, disappointing. I see people defending two extreme positions, both of which are indefensible, and no one (so far) actually tackling this problem in any kind of constructive way. On the one side, there are the people who say that an expired cert should be a hard error because security is too important for any kind of compromise. On the other side there are people saying that an expired cert (or self-signed cert) is better than nothing, and so a user should be allowed to proceed with a warning.

What neither side is acknowledging is that there is no one-size-fits-all solution because different sites have different threat models. HN has a very different set of risks associated with it than your bank. Obviously, if you go to your bank's web site and it presents a cert that expired five years ago, you should probably not be allowed to proceed. On the other hand, if you go to your family's static HTML photo site you should probably be able to access it without any encryption at all. Even sites like HN or Reddit are probably safe to visit unencrypted most of the time.

In between is a vast ocean of grey. Example: shortly before midnight you log in to your bank's web site to pay your credit card bill, which is due the next day. As you fill in the form, the clock ticks past midnight and the cert expires. It is the exact same cert that was valid five minutes ago when you logged in. Should you really be blocked from completing the transaction?

IMHO, at the very least certs should have two expiration dates, a soft one, at which point users get warnings, and a hard one, at which point the cert stops working. There are probably better solutions, but the idea that it's perfectly fine to visit a site one minute before midnight and unsafe one minute after is untenable.
Tying the validation requirements and CA bundle to the TLD would be a useful strategy and would in fact increase security in most cases.
For example, imagine the official Chinese government CA can only issue certs for .cn. The TLD could also mandate TLS v1.3 and the latest crypto algorithm.
This simultaneously protects the Chinese from Western interference, and Google from Chinese interference.
"Encryption only" never-expiring certs could be specifically banned for .com, .bank, etc., but allowed for .local, .lan, .hobby and plain IP addresses.
This increases security across the board without sacrificing autonomy.