[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

On 9/2/2011 12:11 PM, Seth David Schoen wrote:
Joe Btfsplk writes:

Is it really a risk, d/l  Tor or TBB directly from Tor Project's
site, that verifying signatures is necessary?  What is the reasoning
here - if getting files from Tor Project server?
How do you know it was really the Tor Project server?
I'm not sure. How do I know when I open an HTTPS bookmark link to my bank, that it's my bank? I don't go through a (manual) signature verification process when signing in, or d/l anything from a bank, CC or investment company. Are you answering a question w/ a question? I asked 1st :)

tor-talk mailing list