Revocation Confusion

Summary

Back in December 2024 I needed to get to Vancouver from Waterloo. I looked for the cheapest direct flight and found the best option to be from Flair airlines. Trying to get to the website, flyflair.com, resulted in a big scary security warning screen from Firefox. firefox security warning screen indicating the SSL certificate was revoked I found a Reddit thread created on that day by someone with the same issue, but no one else in the comments seemed to be having any problems. A Moderator of the page even said in a reply to a comment “The issue was with [the original poster]. The site is working fine”. The creator of the post got gaslit HARD. And to the commenters’ credit, the site was appearing to be completely fine when using Chrome– the most popular browser. As it turns out, different browsers (and operating systems) behave wildly differently when an SSL certificate is revoked. Obviously this will eventually lead to confused users! Chrome will essentially not care and allow the user to browse the website, and Firefox will show the scary security screen. Mobile browsers vs Desktop browsers is a whole other thing too. “What does it mean to revoke an ssl cert?": owner of the website says ‘hey btw it’s not safe to encrypt communications to my website using this certificate anymore’ I really have two big points to make here. If you're interested in more technical stuff please read on otherwise just keep this in mind: User experience and security are interwoven In this case, even though the individual browsers themselves were internally consistent, they responded completely differently when trying to access the EXACT SAME website… this is bad for both the users and website owners. There’s a reason why web standards exist. People (on Reddit especially) speak with so much authority on things they don’t really know about, even moderators! DON'T TRUST REDDIT. Ok so what was actually going on Technical background time! When you start a session of encrypted communication bet...