Just ran into this again (I must have to add exceptions on average 3 times a week?) and I have to agree with the people critiquing it; it definitely *isn’t* good for security. What *would* be good is if the security exception page was deferred until you submit data through that page.
Surely there’s no risk until you start giving out your details? I don’t get error pages every time I view a page without certificates, I don’t see how that’s any more secure. I shouldn’t have to add an exception (and desensitise myself further to these security issues) if I’m just viewing a page with a bad certificate.
]]>