[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Joe Btfsplk
joebtfsplk at gmx.com
Fri Sep 2 14:28:35 UTC 2011
On 9/2/2011 7:55 AM, Achter Lieber wrote:
> ----- Original Message -----
> From: Roger Dingledine
> Sent: 09/01/11 03:47 PM
> To: tor-talk at lists.torproject.org
> Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
>
> New bundles are out now: https://blog.torproject.org/blog/new-tor-browser-bundles-4 Perhaps now is a great time for you to learn how to verify the signatures on Tor packages you download: https://www.torproject.org/docs/verifying-signatures
Is it really a risk, d/l Tor or TBB directly from Tor Project's site,
that verifying signatures is necessary? What is the reasoning here - if
getting files from Tor Project server?
More information about the tor-talk
mailing list