[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

Roger Dingledine arma at mit.edu
Thu Sep 1 08:47:24 UTC 2011


For those who haven't been following, check out
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it

You should pay special attention if you're in an environment where your
ISP (or your government!) might try a man-in-the-middle attack on your
interactions with https://www.torproject.org/.

We stepped up our schedule for switching the Tor Browser Bundle to Firefox
6 (which we can build from source on all platforms, and thus remove the
offending CA ourselves). New bundles are out now:
https://blog.torproject.org/blog/new-tor-browser-bundles-4

Perhaps now is a great time for you to learn how to verify the signatures
on Tor packages you download:
https://www.torproject.org/docs/verifying-signatures

--Roger

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110901/125541b5/attachment.pgp>


More information about the tor-talk mailing list