[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Comments on https://www.torproject.org/docs/faq.html.en

Roger Dingledine <arma <at> mit.edu> writes:

> On Mon, Apr 18, 2016 at 06:39:33AM -0700, Ryan Carboni wrote:
> >
> >
> > 2. https://www.torproject.org/docs/faq.html.en#SSLcertfingerprint
> > I think the fingerprint is outdated.
> We indeed just got new ssl certs. Probably the fix there is to just
> remove that FAQ entry.

I can see the new SSL certificate for *.torproject.org, issued 2016-04-15.
I'd prefer the FAQ entry to be updated rather than removed. It gives me a
little confidence in the site, though presumably anyone who was MITM-ing the
SSL connection would also changes the fingerprint on the FAQ!

The blog.torproject.org certificate is still in date until 2017-06-14 but my
certificate viewer shows this is issued by DigiCert not RapidSSL as stated
on the FAQ. Also the FAQ quotes SHA1 and MD5 fingerprints for the
certificate,  both of these are broken (but hopefully not for the same
cert!) I'm not too wrorried but can someone post the correct info to the
FAQ? A SHA-256  fingerprint would also be good.


-- lukep

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to