[Gpg4win-devel] [gpg4win-Bugs][6671] gpg4win Website has self-signed certificate

noreply at wald.intevation.org noreply at wald.intevation.org
Tue May 26 04:35:24 CEST 2015


Bugs item #6671, was opened at 2015-05-26 02:35 by Kevin Dienst
You can respond by visiting: 
https://wald.intevation.org/tracker/?func=detail&atid=126&aid=6671&group_id=11

Status: Open
Priority: 3
Submitted By: Kevin Dienst (axi0m)
Assigned to: Nobody (None)
Summary: gpg4win Website has self-signed certificate 
Hardware: PC
Product: Gpg4win Website
Operating System: Windows 8
Component: None
Version: 2.2.2
Severity: normal
Resolution: None
URL: https://gpg4win.org/


Initial Comment:
The gpg4win website doesn't have a formally issued TLS certificate from a public CA. This has probably been mentioned before but I wasn't able to find an open bug on it and would like to have a formal answer from the maintainers of the project if they're purposefully not applying a public CA issued cert.

I understand that the GPG key for the gpg4win downloads can be verified via WoT but that doesn't eliminate the need for an SSL cert so we can increase the chance for average users to identify potential MiTM attacks where the downloads may be forged/unauthentic.

----------------------------------------------------------------------

You can respond by visiting: 
https://wald.intevation.org/tracker/?func=detail&atid=126&aid=6671&group_id=11


More information about the Gpg4win-devel mailing list