[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Joe Btfsplk
joebtfsplk at gmx.com
Fri Sep 2 15:32:57 UTC 2011
On 9/2/2011 9:57 AM, David Carlson wrote:
> On 9/2/2011 9:28 AM, Joe Btfsplk wrote:
>>
>> Is it really a risk, d/l Tor or TBB directly from Tor Project's site,
>> that verifying signatures is necessary? What is the reasoning here -
>> if getting files from Tor Project server?
>>
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
> I believe that the point of Roger's message was that you or I may not
> really be downloading the package from TorProject, if we are using SSL
> that is authenticated to a fake certificate.
Thanks. I'm sure many would appreciate a bit more explanation what
"...if we are using SSL that is authenticated..." means, in this case.
More information about the tor-talk
mailing list