[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
On 9/2/2011 12:11 PM, Seth David Schoen wrote:
I'm not sure. How do I know when I open an HTTPS bookmark link to my
bank, that it's my bank? I don't go through a (manual) signature
verification process when signing in, or d/l anything from a bank, CC or
investment company. Are you answering a question w/ a question? I
asked 1st :)
Joe Btfsplk writes:
Is it really a risk, d/l Tor or TBB directly from Tor Project's
site, that verifying signatures is necessary? What is the reasoning
here - if getting files from Tor Project server?
How do you know it was really the Tor Project server?
tor-talk mailing list