> You could look at the certificate your browser doesn't trust and follow up > the information it contains. You could also search the internet (and other > sources) for information about Intevation GmbH, and see if it matches what > the certificate says.
Everything the certificate "says" is under attacker control when they redirect the HTTPS session to their own system[1]. You need to find a trust path based on cryptographic signatures, not on what the Subject and Issuer fields and what not say in the certificate. Peter. [1] With the possible exception of the fingerprint (and perhaps some other details) -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
