[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Seth David Schoen
schoen at eff.org
Fri Sep 2 17:11:01 UTC 2011
Joe Btfsplk writes:
> Is it really a risk, d/l Tor or TBB directly from Tor Project's
> site, that verifying signatures is necessary? What is the reasoning
> here - if getting files from Tor Project server?
How do you know it was really the Tor Project server?
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
More information about the tor-talk
mailing list