[teraflop]

Not a bad idea, in theory, but... suppose I visit a site on Monday and see certificate A. Then when I return on Tuesday, I see a different certificate B. What reason is there to think that A is likely to be the "true" certificate, and B isn't?

Showing a big scary warning in one case, and not in the user, implies to the user that the browser has some reason to think one is more secure, which is misleading.

[sfilipov]

You could use some website which you connect to securely (CA signed) which fetches and displays fingerprint C. You can then compare it to A and B and the one which matches C is the "true" one.

Of course the whole thing can be automated by the browser and happen behind the scene - i.e. Firefox connecting to a Mozilla service for each self signed website it sees and comparing the fingerprints. Then it can store information about this self-signed certificate as trusted.

[teraflop]

That sounds essentially the same as how Let's Encrypt works: https://letsencrypt.org/howitworks/technology/

Except that rather than creating a self-signed certificate and then asking an external service to store a fingerprint, you just let the external service sign your certificate.

EDIT: Oh yeah, and signing the certificate up-front has the nice benefit of not forcing browsers to leak private information (namely, the domain names that are being accessed) to a centralized third party.

[beeworker]

I agree in that scenario it's hard to say whether one is more likely to be the true certificate than the other. If we're assuming attacks that aren't targeted towards specific users (e.g. from state actors, or just a corrupt hotel wifi admin, who are attacking whoever happens to be on the network) then we can't say without more details about the network you were connected to on Monday vs. Tuesday. If we're assuming attacks that are targeting you specifically as an individual, perhaps A could be considered slightly more likely than B due to coming first... Visiting the site on Monday leaks the information that you visited the site, so an attacker may believe you will visit that site again. But if the attacker is keeping logs of your traffic habits, they may have just chosen Monday to poison your fresh DNS lookups. So again it looks like we can't say which is more likely.