[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

For those who haven't been following, check out

You should pay special attention if you're in an environment where your
ISP (or your government!) might try a man-in-the-middle attack on your
interactions with https://www.torproject.org/.

We stepped up our schedule for switching the Tor Browser Bundle to Firefox
6 (which we can build from source on all platforms, and thus remove the
offending CA ourselves). New bundles are out now:

Perhaps now is a great time for you to learn how to verify the signatures
on Tor packages you download:


Attachment: signature.asc
Description: Digital signature

tor-talk mailing list