HTTPS-E: nonintuitive UI when connecting to domains with invalid certificates on Iceweasel/Firefox
Context: [Iceweasel] and [Firefox], using [HTTPS-Everywhere]. Connecting to a domain with an [expired certificate] or [certificate] for the wrong domain. Plugin forces https connection. Browser displays special page claiming an [invalid certificate] and requesting to either leave or make an exception. In this case, the appropriate approach is to opt out of SSL and simply use [HTTP] (unless forced by the server) by unchecking the site on the HTTPS-E button's drop-down list. However, since the full page message is much larger, users will be tempted to make a certificate exception and continue using SSL - which depending on their settings may be persistent, and in any case gives a false sense of security. This is a [UI] issue, but it is thus a security issue.
Can we add a feature to either redirect to a different more explanatory message, or modify the existing warning page to also have a "try HTTP for this session" button?
I don't know about Chrome/Chromium.