> Do you think browsers should block access to sites that use expired certs (in the same way that they block access to sites that use revoked certs)? For short-lived certificates, definitely.