It’s a complete failure of infosec-meets-user-psychology that “this TLS certificate is issued for your bank and the server is sneaky hackerman dot com” and “this otherwise valid certificate expired a day ago” have the EXACT SAME USER EXPERIENCE.

@Quinnypig What should the user experience for an expired certificate be?
