[OT] Trusting X.509 certificate
peter at digitalbrains.com
Tue Apr 16 11:50:36 CEST 2013
> You could look at the certificate your browser doesn't trust and follow up
> the information it contains. You could also search the internet (and other
> sources) for information about Intevation GmbH, and see if it matches what
> the certificate says.
Everything the certificate "says" is under attacker control when they redirect
the HTTPS session to their own system. You need to find a trust path based
on cryptographic signatures, not on what the Subject and Issuer fields and
what not say in the certificate.
 With the possible exception of the fingerprint (and perhaps some other
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users