[OT] Trusting X.509 certificate
expires2013 at ymail.com
Tue Apr 16 21:44:24 CEST 2013
On Tuesday 16 April 2013 at 10:50:36 AM, in
<mid:516D1EEC.8050205 at digitalbrains.com>, Peter Lebbing wrote:
> Everything the certificate "says" is under attacker
> control when they redirect the HTTPS session to their
> own system.
Which is why I also suggested searching other sources of information.
> You need to find a trust path based on
> cryptographic signatures, not on what the Subject and
> Issuer fields and what not say in the certificate.
Ideally. But I would suggest the necessity depends on the intended use
of (or interaction with) the site.
To register an email address on a mailing list, I would probably spend
practically zero time checking.
MFPA mailto:expires2013 at ymail.com
I think not, said Descartes, and promptly disappeared
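
Added example, not part of the original message: the quoted point about Subject and Issuer fields versus a signature-based trust path, shown with the `openssl` CLI. The names "Example Root CA" and "www.example.org" and all file names are constructed for the demo; it assumes `openssl` is installed.

```sh
#!/bin/sh
# Constructed demo: "Example Root CA" and "www.example.org" are made-up names.
trust_demo() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        mkcert() {  # mkcert <prefix>: a CA named "Example Root CA" plus a leaf it signs
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
                -subj "/O=Example Root CA" \
                -keyout "$1-ca.key" -out "$1-ca.pem" 2>/dev/null &&
            openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.org" \
                -keyout "$1-site.key" -out "$1-site.csr" 2>/dev/null &&
            openssl x509 -req -days 1 -in "$1-site.csr" \
                -CA "$1-ca.pem" -CAkey "$1-ca.key" -CAcreateserial \
                -out "$1-site.pem" 2>/dev/null
        }
        mkcert real || exit 1   # the CA whose certificate we hold as trust anchor
        mkcert fake || exit 1   # different keys, same names typed into the fields

        # What the certificates "say": the Subject and Issuer strings.
        a=$(openssl x509 -noout -subject -issuer -in real-site.pem)
        b=$(openssl x509 -noout -subject -issuer -in fake-site.pem)
        [ "$a" = "$b" ] && echo "fields=identical" || echo "fields=differ"

        # What the signatures prove: only one leaf chains to our trust anchor.
        for c in real fake; do
            if openssl verify -CAfile real-ca.pem "$c-site.pem" >/dev/null 2>&1
            then echo "$c=trusted"; else echo "$c=rejected"; fi
        done
    )
    rc=$?
    rm -rf "$d"
    return $rc
}
trust_demo
```

Both leaf certificates print the same Subject and Issuer, yet only the one signed by the key behind `real-ca.pem` verifies.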