[Gpg4win-users-en] Untrused Site Certification

Werner Koch wk at gnupg.org
Fri Jul 31 16:01:06 CEST 2015

On Thu, 30 Jul 2015 10:33, bernhard at intevation.de said:

> I hope we'll get around doing something in September or October.

Bernard, it is not more than an hour to add TLS support to the
webserver.  Pretty please do that now and also enable Strict Transport

Although it is relative easy to mount an MiTM on TLS, having the data
encrypted is simply better even it is just to raise the costs for mass
surveillance and to protect against casual snooping.

Frankly, I do not understand your resistance to that.  GnuPG also allows
for CMS/X.509 encryption (gpgsm) which has the very same problems as TLS.
And I have seen more than one S/MIME encrypted mail from you. 

Or should I really hack it by configuring my pound instance to forward
all gpg4win traffic to and change the gpg4win.org A record
accordingly (I am the hostmaster for that domain)?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gpg4win-users-en mailing list