[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Joe Btfsplk writes:
> Is it really a risk, d/l Tor or TBB directly from Tor Project's
> site, that verifying signatures is necessary? What is the reasoning
> here - if getting files from Tor Project server?
How do you know it was really the Tor Project server?
Seth Schoen <schoen@xxxxxxx>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
tor-talk mailing list