When I encountered the page for the first time, I was at a loss as to what to do. The OSNews backend apparently has an invalid security certificate, as well as various websites of my university, so whenever I re-install Firefox somewhere, I need to add an exception for each of these websites. The new Firefox 3.0 exception interface, however, is a four-step process that is wholly unclear (the "Or you can add an exception" is easily overlooked), and will be especially difficult to grasp for ordinary, normal users - exactly the group of users the feature tries to protect. As the Pingdom weblog explains:
The problem is that Firefox doesn't just give you this page following expired certificates, but also with self-signed certificates - something especially annoying for smaller websites. However, big websites are also affected, such as the official website for the United States Army. Heck, even Google forgets to update their certificates.
The Mozilla Foundation defends their decisions as being necessary to prevent malicious and fraudulent websites from carrying out their malintent. Jonathan Nightingale writes:
With a self-signed certificate, we don't know whether to trust it or not. It's not that these certificates are implicitly evil, it's that they are implicitly untrusted - no one has vouched for them, so we ask the user.
Personally, I agree with the fact that Firefox properly warns me that I'm visiting a site with an invalid or self-signed certificate, but it would be nicer if the user interface that I'm presented with is less complicated, clearer, and easier to use.