[cyclotron3k]

I never understood why a website served using a self-signed (and untrusted) certificate would throw up more warnings than a website served without any encryption at all.

Even today, a page served over HTTP just gets an unobtrusive bit of text saying "Not secure", but if a page is served over HTTPS with a cert that expired yesterday you will get a very scary full-page warning that entirely blocks you from accessing the underlying page.

It seems totally backwards to me.

[aewens]

An analogy may help, imagine the website as a door. A website using HTTP is a normal door and using HTTPS is a door with a lock, where the keyring in this analogy are the trusted CAs by your browser. A website using HTTPS with an expired certificate is a door that should have a lock, but the lock no longer latches; and a self-signed certificate is a locked door with a key left in the doorknob.

From a security perspective, a door without a lock has no expectation of protecting anything. But a door that should lock but doesn’t, or is supposed to be locked but has the key left in the latch is not providing the security expected, and should be given pause when anticipating security from the lock. This is what the browser is trying to translate with its UI.

[cyclotron3k]

That makes sense in theory, but you need to think about how the average user is going to perceive these UI choices: we're posting smaller warning for less-safe things. Put another way, the average user is going to be much more concerned about using a website with an expired certificate than a website that has no protection at all.

Put a third way: to the average user, a website behind an SSL-stripping MITM proxy is going to look more trustworthy than a website that forgot to renew their cert.