[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Michael Gomboc
michael.gomboc at gmail.com
Fri Sep 16 13:25:03 UTC 2011
Hi,
How can someone verify the downloaded Torbutton file?
https://www.torproject.org/torbutton/index.html.en
I did not see any way to do that.
Thanks,
M
2011/9/15 tagnaq <tagnaq at gmail.com>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 09/01/2011 10:47 AM, Roger Dingledine wrote:
> > For those who haven't been following, check out
> >
> https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
> >
> > You should pay special attention if you're in an environment where your
> > ISP (or your government!) might try a man-in-the-middle attack on your
> > interactions with https://www.torproject.org/.
> >
> > We stepped up our schedule for switching the Tor Browser Bundle to
> Firefox
> > 6 (which we can build from source on all platforms, and thus remove the
> > offending CA ourselves). New bundles are out now:
> > https://blog.torproject.org/blog/new-tor-browser-bundles-4
>
> A pity that #3555 was not implemented at the time (even if the
> likelihood to make any difference is only given if the user actually
> toggled and is in disabled mode).
> -----BEGIN PGP SIGNATURE-----
>
> iF4EAREKAAYFAk5ybi8ACgkQyM26BSNOM7Y9xQD+JY3XoT87ga3x4U+ngXLn6M6F
> 2SajaDdAsC8E/g8XlVIBALqFxpiYjk45L9oT5dtGbmW7lWnFG1nu47oauievRc3W
> =8kK+
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
--
Michael Gomboc
www.viajando.at
pgp-id: 0x5D41FDF8
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110916/8236c2d2/attachment.htm>
More information about the tor-talk
mailing list