Hi

On Tuesday 16 April 2013 at 10:50:36 AM, in
<mid:516d1eec.8050...@digitalbrains.com>, Peter Lebbing wrote:

> Everything the certificate "says" is under attacker
> control when they redirect the HTTPS session to their
> own system[1].

Which is why I also suggested searching other sources of information
for comparison.

> You need to find a trust path based on
> cryptographic signatures, not on what the Subject and
> Issuer fields and what not say in the certificate.

Ideally. But I would suggest the necessity depends on the intended use
of (or interaction with) the site. To register an email address on a
mailing list, I would probably spend practically zero time checking.

--
Best regards

MFPA                    mailto:expires2...@ymail.com

I think not, said Descartes, and promptly disappeared