[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 09/01/2011 10:47 AM, Roger Dingledine wrote:
> For those who haven't been following, check out
> https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
> 
> You should pay special attention if you're in an environment where your
> ISP (or your government!) might try a man-in-the-middle attack on your
> interactions with https://www.torproject.org/.
> 
> We stepped up our schedule for switching the Tor Browser Bundle to Firefox
> 6 (which we can build from source on all platforms, and thus remove the
> offending CA ourselves). New bundles are out now:
> https://blog.torproject.org/blog/new-tor-browser-bundles-4

A pity that #3555 was not implemented at the time (even if the
likelihood to make any difference is only given if the user actually
toggled and is in disabled mode).
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk5ybi8ACgkQyM26BSNOM7Y9xQD+JY3XoT87ga3x4U+ngXLn6M6F
2SajaDdAsC8E/g8XlVIBALqFxpiYjk45L9oT5dtGbmW7lWnFG1nu47oauievRc3W
=8kK+
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk