@abucci@anthony.buc.ci I think TLS is fine. I think PKI is a crock of garbage, because most participants in PKI are garbage, and Google has complete capture of it and makes decisions that work best for it, and not the real world.
Ultimately what I think should happen for certificate expiration is browsers should soft-warn for like a week or two after expiry, with like a yellow address bar, as opposed to trying to block navigation. The risk of an expired cert just doesn’t justify browser behavior.