1318 points xvector | 2 comments
1. cnst No.19823943
Is it perhaps a good time to remind folks that the same thing could happen to all your "secure" HTTPS websites that are completely unavailable via HTTP, where the only things served over HTTP are the 301 Moved redirects, even for sites that don't collect any user information at all, and only serve static and public content, which really hardly benefit from the mandatory encryption?

Or is HTTPS / LetsEncrypt too big to fail? HTTPS still always a good choice? I see…

replies(1): >>19824001 #
2. swiley No.19824001
But it's easy to override broken https certificates. Worst case you have trust on first contact style security.

This is just plain bad.