[tor-talk] How to pin the SSL certificate for torproject.org?

grarpamp grarpamp at gmail.com
Sat Jul 7 20:07:23 UTC 2012


>> Fetchmail, msmtp, etc can all connect to a host,
>> take that cert fingerprint, compare it to the one you've
>> configured, and drop the connection if they differ.
>
> That may work against some adversaries but not against very clever adversaries. He can let the first connection alone and tamper with the other one.

It is first assumed one securely obtains and verifies certs
so you don't have this problem.


More information about the tor-talk mailing list