
https-finder - issue #13

not all sites have good SSL certs, but many are usable


Posted on Mar 24, 2011 by Happy Giraffe

What steps will reproduce the problem?
1. Go to a site that serves both http://site/ and https://site/ but doesn't have a good or up-to-date certificate.

What is the expected output? What do you see instead?
Result: ignored by the finder

Expect: load the https://site/ anyway, cache it, compare it to the http://site/ page that's already in cache and if they are identical, present the usual choice message with a small certificate warning. (Firefox will present the full warning afterwards anyway).

Note: a bad certificate (expired or for a different site) is still better than plain text. Some sites don't pay for https anymore, but sometimes their hosting company does (hence the wrong site or expired certs.)

A bad certificate doesn't protect from MITM attacks, but does still protect from eavesdroppers or automated workplace loggers (which are 99% of the problems anyway). With the proper warning, we should be ok.

What version of the product are you using? On what operating system?
0.30 / Linux

Please provide any additional information below.

Comment #1

Posted on Mar 25, 2011 by Swift Ox

I guess it would be possible to add an "Advanced" preference window where you can check/uncheck certificate errors that the extension will test for. I am going to wait on this until some of the higher priority issues are resolved though (session enforcement of HTTPS especially).
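
The flow proposed in the issue, combined with the per-error preference from Comment #1, written out as an added example. It is not https-finder's code; the function names, error labels, preference shape and sample inputs are assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not https-finder's API.
// Certificate problems a user could choose to tolerate in an "Advanced" pane.
const KNOWN_CERT_ERRORS = ["expired", "hostname_mismatch", "untrusted_issuer"];

// Fail closed: no certificate error is tolerated until the user opts in.
function defaultPrefs() {
  return { tolerate: new Set() };
}

// certErrors: labels reported for the HTTPS fetch (empty array = valid cert).
// httpBody:   page body already cached from http://site/
// httpsBody:  body fetched from https://site/, or null if the fetch failed.
function decide(prefs, certErrors, httpBody, httpsBody) {
  if (httpsBody === null) {
    return { action: "ignore", reason: "no_https" };
  }
  // An error this code does not recognise is never tolerated.
  if (certErrors.some((e) => !KNOWN_CERT_ERRORS.includes(e))) {
    return { action: "ignore", reason: "unknown_cert_error" };
  }
  // Every reported error must be one the user explicitly ticked.
  const blocked = certErrors.filter((e) => !prefs.tolerate.has(e));
  if (blocked.length > 0) {
    return { action: "ignore", reason: "cert_error_not_tolerated", blocked };
  }
  // The issue's condition: only offer HTTPS when both pages are identical.
  if (httpBody !== httpsBody) {
    return { action: "ignore", reason: "content_differs" };
  }
  if (certErrors.length === 0) {
    return { action: "offer_https", warning: null };
  }
  // Usual choice message plus the small certificate warning from the issue.
  return {
    action: "offer_https",
    warning: "Certificate problem (" + certErrors.join(", ") +
      "): protects against passive eavesdropping, not against MITM.",
  };
}

// Constructed sample: identical bodies, expired certificate, user opted in.
const samplePrefs = { tolerate: new Set(["expired"]) };
const sampleResult = decide(samplePrefs, ["expired"], "<html>hi</html>", "<html>hi</html>");
console.log(sampleResult.action, "-", sampleResult.warning);
```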

Comment #2

Posted on Apr 9, 2011 by Swift Ox

Deciding not to take action on this issue at this time. Focusing on usability and functionality improvements relating to valid SSL sites. This could be revisited at a later date.

Comment #3

Posted on Nov 22, 2011 by Swift Ox

(No comment was entered for this change.)

Comment #4

Posted on Dec 20, 2012 by Happy Monkey

An option to redirect to HTTPS even with certificate errors could be particularly valuable for people who use addons like Perspectives, which could independently verify certificates and override the errors.

Status: Duplicate

Labels:
Type-Enhancement Priority-Low