So the browser damn well can't just decide silently to proceed when it sees a self-signed cert.
So why then does the browser connect to plain HTTP sites without a warning? At *best* plain HTTP is equally vulnerable, and realistically it's a heck of a lot more practical to exploit plain HTTP.
"This site has a self-signed certificate for privacy protection only. Proceed to connect? [N/y]" and most users will answer "y".
Why the heck would it do that? Non-https sites don't cause the browser to say "This site is not protected by SSL at all. Proceed to connect?" today, so why should it do that?
I could see an argument that that "https" in the URL bar has some significance to the user, though I suspect any study of user behavior would show otherwise. But this could easily be addressed: Adjust the URL bar so the protocol is not displayed normally, have it be off to the left where you can reach it while editing the URL but not where it's normally displayed. Denote properly authenticated https with the traditional padlock icon, and the new and fancy colored URL bar. Users on the more clueless end of the spectrum will think that non-authenticated HTTPS == Plain HTTP, which is true in the worst case. No surprises.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds