[OT] Trusting X.509 certificate

Peter Lebbing peter at digitalbrains.com
Tue Apr 16 11:50:36 CEST 2013

> You could look at the certificate your browser doesn't trust and follow up
> the information it contains. You could also search the internet (and other
> sources) for information about Intevation GmbH, and see if it matches what
> the certificate says.

Everything the certificate "says" is under attacker control when they redirect
the HTTPS session to their own system[1]. You need to find a trust path based
on cryptographic signatures, not on what the Subject and Issuer fields and
what not say in the certificate.


[1] With the possible exception of the fingerprint (and perhaps some other

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list