[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Fri, 02 Sep 2011 12:26:47 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 02 Sep 2011 13:29:51 -0400
In-reply-to: <20110902171101.GA6618@sescenties>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20110902125555.163220@xxxxxxx> <4E60E813.1060409@xxxxxxx> <20110902171101.GA6618@sescenties>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0

On 9/2/2011 12:11 PM, Seth David Schoen wrote:

Joe Btfsplk writes:

Is it really a risk, d/l  Tor or TBB directly from Tor Project's
site, that verifying signatures is necessary?  What is the reasoning
here - if getting files from Tor Project server?

How do you know it was really the Tor Project server?

I'm not sure. How do I know when I open an HTTPS bookmark link to mybank, that it's my bank? I don't go through a (manual) signatureverification process when signing in, or d/l anything from a bank, CC orinvestment company. Are you answering a question w/ a question? Iasked 1st :)


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Achter Lieber
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Seth David Schoen

Prev by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by Author: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Previous by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Index(es):
- Author
- Thread