SSL for http://wald.intevation.org

The lack of a secure connection to wald.intevation.org kind of makes me think this whole Gpg4win encryption thing is a joke. Chrome was warning me that going to this site is dangerous. :confused:


Hi,
[a few people already tried to answer this question, but there was a hiccup with
the forum.]

Kevin Stecyk wrote:

I get similar messages using Microsoft Edge.

This site is not secure

This might mean that someone’s trying to fool you or steal any info you
send to the server. You should close this site immediately.

When I click on more information, I get this:

Your PC doesn’t trust this website’s security certificate.
Error Code: DLG_FLAGS_INVALID_CA

Whoever is responsible for this website should fix this issue.

Kim Nilsson wrote:

Yes, I agree.
A free certificate from Let's Encrypt would have been better than a
self-signed certificate.

Anyway, you can get the self-signed CA over at
ssl . intevation . de

Yes, we would like to use a better TLS certificate for wald.
And we will do so at some time.

To make a long story short:

  • Technically it was not that easy and cost-effective to host many sites
    from one server, which wald does. Today it is possible with SNI, but it would be
    a medium-sized restructuring on the server side.

  • It takes significant effort to follow the fast-paced web browser methods to add security. While it is designed to help web apps that save sensitive information, we do not require the same level of security and many measures do not add much security value for gpg4win.
    With limited resources we put our priority on improving Gpg4win elsewhere.

  • The software binary itself is secured by code signing and an extra OpenPGP signature.

Best Regards,
Bernhard