[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Roger Dingledine
arma at mit.edu
Thu Sep 1 08:47:24 UTC 2011
For those who haven't been following, check out
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
You should pay special attention if you're in an environment where your
ISP (or your government!) might try a man-in-the-middle attack on your
interactions with https://www.torproject.org/.
We stepped up our schedule for switching the Tor Browser Bundle to Firefox
6 (which we can build from source on all platforms, and thus remove the
offending CA ourselves). New bundles are out now:
https://blog.torproject.org/blog/new-tor-browser-bundles-4
Perhaps now is a great time for you to learn how to verify the signatures
on Tor packages you download:
https://www.torproject.org/docs/verifying-signatures
--Roger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110901/125541b5/attachment.pgp>
More information about the tor-talk
mailing list