[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
From: tor@xxxxxxxxxxxxxxxxxx
Date: Fri, 23 Sep 2011 15:20:15 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Sep 2011 10:20:35 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.grepular.com; s=dkim1; h=Content-Type:In-Reply-To:References:Subject:To:MIME-Version:From:Date:Message-ID; bh=1YBorn6N5vJMYd/gvkYXqYXUe4NZrSJ9YhO0m8OZ7GA=; b=EXQ8chR/feuWiqecFO/QGIsmdQAjSBUerRAv00mw1Xv/qa5QjvE5bzJiHtY4KvyYuAUPSv7zCg2v9hMIF3NOAZwCkYbG8101EImh3eGOoCY+8sbLxpcPCdUXcvFiZ50cxQ9HAlDPpcb7DdM9OaShz2vO9Vetw9uLZXYbYFYOvpQ=;
In-reply-to: <CACLwEKFVoF9FUdRm=d6bUPCNMAMXrhB1JYv2XEp9y=Y4tOrqGQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CACLwEKGks05kTdWFGUAyxRuaK8D_abaAqPC7ZrxUk5-6kvPtgA@xxxxxxxxxxxxxx> <201109230948.13191.andrew@xxxxxxxxxxxxxx> <CACLwEKFVoF9FUdRm=d6bUPCNMAMXrhB1JYv2XEp9y=Y4tOrqGQ@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20110906 Thunderbird/6.0.2

On 23/09/11 15:10, Michael Gomboc wrote:

> Thanks Andrew. But when the SSL certificate is faked....

If you have the public key which corresponds to the private key which
was used to create the signature, then it doesn't matter if the SSL
certificate is faked. Even using non-SSL http would be fine.

https://www.torproject.org/docs/verifying-signatures.html

If the file, or the signature file you download are tampered with, doing
this verification will alert you to that fact.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
  - From: Michael Gomboc

References:
- [tor-talk] How to verify the authenticity of the Torbutton xpi file
  - From: Michael Gomboc
- Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
  - From: Andrew Lewman
- Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
  - From: Michael Gomboc

Prev by Author: Re: [tor-talk] Dutch police break into webservers over hidden services
Next by Author: Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
Previous by thread: Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
Next by thread: Re: [tor-talk] How to verify the authenticity of the Torbutton xpi file
Index(es):
- Author
- Thread