"The idea is that 'network notary' servers scattered across the Internet use network probing to build a history of keys used by a server. When a client receives a self-signed/expired cert, it can compare with the certs seen by the network notaries and see if that key is valid, or the result of a man-in-the-middle attack."
Perspectives also will identify if an attacker has tricked one of the certificate authorities trusted by Firefox into incorrectly issuing a certificate for a trusted Web site and warn the user.
One reader who was identified as "MarketObserver" summed up the issue in terms of integrity of the system: "If certificates are going to provide the intended protection for consumers, they should be current and issued by a trusted source. Otherwise, the system is broken. Site managers should get their act together and keep their certs up to date."
The issue also was flipped on its head by one responder who concluded:
"While the technology of certificates might be secure, I think the business model and practices aren't. The whole trust model depends on there being only a 'few' organizations that everyone knows (and trusts), who in turn sign other peoples' certificates. Implicit in that is that the 'few' trusted organizations can be properly trusted to vet the people whose certificates they sign. The more places that your browser 'trusts' to validate the signature of a certificate, the more opportunity there is for meaningless trust."