[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

On 9/2/2011 7:55 AM, Achter Lieber wrote:
----- Original Message -----
From: Roger Dingledine
Sent: 09/01/11 03:47 PM
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

  New bundles are out now: https://blog.torproject.org/blog/new-tor-browser-bundles-4 Perhaps now is a great time for you to learn how to verify the signatures on Tor packages you download: https://www.torproject.org/docs/verifying-signatures
Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server?

tor-talk mailing list