[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
tagnaq
tagnaq at gmail.com
Thu Sep 15 21:29:20 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 09/01/2011 10:47 AM, Roger Dingledine wrote:
> For those who haven't been following, check out
> https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
>
> You should pay special attention if you're in an environment where your
> ISP (or your government!) might try a man-in-the-middle attack on your
> interactions with https://www.torproject.org/.
>
> We stepped up our schedule for switching the Tor Browser Bundle to Firefox
> 6 (which we can build from source on all platforms, and thus remove the
> offending CA ourselves). New bundles are out now:
> https://blog.torproject.org/blog/new-tor-browser-bundles-4
A pity that #3555 was not implemented at the time (even if the
likelihood to make any difference is only given if the user actually
toggled and is in disabled mode).
-----BEGIN PGP SIGNATURE-----
iF4EAREKAAYFAk5ybi8ACgkQyM26BSNOM7Y9xQD+JY3XoT87ga3x4U+ngXLn6M6F
2SajaDdAsC8E/g8XlVIBALqFxpiYjk45L9oT5dtGbmW7lWnFG1nu47oauievRc3W
=8kK+
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list