[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

Joe Btfsplk writes:

> Is it really a risk, d/l  Tor or TBB directly from Tor Project's
> site, that verifying signatures is necessary?  What is the reasoning
> here - if getting files from Tor Project server?

How do you know it was really the Tor Project server?

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
tor-talk mailing list