[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)


----- Original Message -----

From: Roger Dingledine

Sent: 09/01/11 03:47 PM

To: tor-talk@xxxxxxxxxxxxxxxxxxxx

Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

For those who haven't been following, check out 

You should pay special attention if you're in an environment where your 
ISP (or your government!) might try a man-in-the-middle attack on your 
interactions with https://www.torproject.org/. 

We stepped up our schedule for switching the Tor Browser Bundle to Firefox 
6 (which we can build from source on all platforms, and thus remove the 
offending CA ourselves). New bundles are out now: 

Perhaps now is a great time for you to learn how to verify the signatures 
on Tor packages you download: 


Hello Roger. 
Is it possible to check the signatures for the Browser bundle, which I use on a USB with Windows but check 
the signatures from my Mac? I only use internet cafe computers as they are so readily available where I live, are much faster than what I have been able to purchase for an ISP provider from my home and many times just isn't working. Don't know if that is possible to do from Mac on .exe files or whatever. Not real savvy here. Sorry. 
tor-talk mailing list