[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Fri, 02 Sep 2011 10:32:57 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Sep 2011 11:33:17 -0400
In-reply-to: <4E60EEE7.9050400@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20110902125555.163220@xxxxxxx> <4E60E813.1060409@xxxxxxx> <4E60EEE7.9050400@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

On 9/2/2011 9:57 AM, David Carlson wrote:

On 9/2/2011 9:28 AM, Joe Btfsplk wrote:


Is it really a risk, d/l  Tor or TBB directly from Tor Project's site,
that verifying signatures is necessary?  What is the reasoning here -
if getting files from Tor Project server?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

I believe that the point of Roger's message was that you or I may not
really be downloading the package from TorProject, if we are using SSL
that is authenticated to a fake certificate.

Thanks. I'm sure many would appreciate a bit more explanation what"...if we are using SSL that is authenticated..." means, in this case.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Achter Lieber
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: David Carlson

Prev by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Previous by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Index(es):
- Author
- Thread