[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)



For those who haven't been following, check out
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it

You should pay special attention if you're in an environment where your
ISP (or your government!) might try a man-in-the-middle attack on your
interactions with https://www.torproject.org/.

We stepped up our schedule for switching the Tor Browser Bundle to Firefox
6 (which we can build from source on all platforms, and thus remove the
offending CA ourselves). New bundles are out now:
https://blog.torproject.org/blog/new-tor-browser-bundles-4

Perhaps now is a great time for you to learn how to verify the signatures
on Tor packages you download:
https://www.torproject.org/docs/verifying-signatures

--Roger

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk