[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Browser Bundle: PGP encryption built-in?



On Oct 10, 2011, at 2:48 PM, Joe Btfsplk wrote:

> On 10/10/2011 2:44 AM, Robert Ransom wrote:
>> No. See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but beware -- I'm sure katmagic and I missed a few dozen attacks.
> You're correct - that is, the https site you link has an unsafe certificate, * per msg * in Firefox 7:
>> tails.boum.org uses an invalid security certificate.
>> 
>> The certificate is not trusted because the issuer certificate is not trusted.
>> 
>> (Error code: sec_error_untrusted_issuer)
> Anyone else seeing same security msg?

Yes, the tails developers decided not to pay the SSL mafia
and got a certificate from cacert instead. Your browser
probably isn't configured to trust cacert, so you get the
warning.

Alternatively, someone is really trying to mitm you - tough to
know. Anyway, the sha1 fingerprint of the tails website should
be 

E1 5D 87 49 7F A1 21 75 8B 6B 1A 85 DC EF 70 E1 C6 7C 82 57.

Now good luck deciding whether you should trust my claim
in this unsigned email, or what. Enjoy the trip through the
rabbit hole.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk