[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

Joe Btfsplk joebtfsplk at gmx.com
Fri Sep 2 17:26:47 UTC 2011


On 9/2/2011 12:11 PM, Seth David Schoen wrote:
> Joe Btfsplk writes:
>
>> Is it really a risk, d/l Tor or TBB directly from Tor Project's
>> site, that verifying signatures is necessary?  What is the reasoning
>> here - if getting files from Tor Project server?
> How do you know it was really the Tor Project server?
I'm not sure.  How do I know when I open an HTTPS bookmark link to my 
bank, that it's my bank?  I don't go through a (manual) signature 
verification process when signing in, or d/l anything from a bank, CC or 
investment company.  Are you answering a question w/ a question?  I 
asked 1st :)


