undefined | Better HN

0 pointsLeifCarrotson1mo ago0 comments

It's true that the expiration doesn't mean the encryption no longer works, but if the user is under a MITM attack and is presented by their browser with a warning that the certificate is invalid, then the encryption will still work but the encrypted communication will be happening with the wrong party.

I don't trust the average user to inspect the certificate and understand the reason for the browser's rejection.

0 comments

umanwizard1mo ago

Okay, but that’s not what was being asked. OP, someone who presumably understands the difference between a totally invalid cert and an expired one, was asking specifically whether clicking through the latter is dangerous.

axus1mo ago

"Visitors to the site are vulnerable to Man in the Middle (MitM) attacks, IF they click past the warning". I think it's true when there is a man in the middle.

fylo1mo ago

Based on history of this type of attack, it can also be true with a valid certificate ;)

wang_li1mo ago

It's entirely the second paragraph and not part of certificate expiration, in and of itself, lends to being MITM. Firefox tells me what the problem is, expired, wrong name, etc. So, it's not just saying "oh no, something is wrong." I can tell what is wrong before I choose to proceed.

j / k navigate · click thread line to collapse