[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
joebtfsplk at gmx.com
Fri Sep 2 17:26:47 UTC 2011
On 9/2/2011 12:11 PM, Seth David Schoen wrote:
> Joe Btfsplk writes:
>> Is it really a risk, d/l Tor or TBB directly from Tor Project's
>> site, that verifying signatures is necessary? What is the reasoning
>> here - if getting files from Tor Project server?
> How do you know it was really the Tor Project server?
I'm not sure. How do I know when I open an HTTPS bookmark link to my
bank, that it's my bank? I don't go through a (manual) signature
verification process when signing in, or d/l anything from a bank, CC or
investment company. Are you answering a question w/ a question? I
asked 1st :)
More information about the tor-talk