[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
From: Netizio <netizio@xxxxxxxxxxx>
Date: Sat, 03 Sep 2011 18:00:21 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 03 Sep 2011 12:00:07 -0400
In-reply-to: <4E622E22.80501@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20110902125555.163220@xxxxxxx> <4E60E813.1060409@xxxxxxx> <20110902171101.GA6618@sescenties> <CAC+VsLuHVypfqnyW=KPHdE6B83OmWYp0nauhpW-tzaoaQNh_Gw@xxxxxxxxxxxxxx> <20110902214612.GD17375@xxxxxxxxxxxxxxxx> <4E622E22.80501@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1

> I'm just asking here - other than entities (gov'ts?) targeting anonymity
> software (for now) what prevents this issue from becoming widespread? 
> If I download an update from MS - how do I know it's the authentic pkg
> from the real MS?  There's no authentication (or even check sums) for
> d/l Firefox, IE.  Only a small % of all developers offer these
> capabilities. 

Hi, AFAIK Microsoft does an automated hash or signature check in the
background to test that your downloaded packages are unmanipulated.
Mozilla offers you md5 sums and - more recommended - sha1 sums along
with the offical key to check the integrity of downloads:

http://releases.mozilla.org/pub/mozilla.org/firefox/releases/6.0.1/

Greetings,

Netizio

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk

References:
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Achter Lieber
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Seth David Schoen
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Collin Anderson
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: andrew
- Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
  - From: Joe Btfsplk

Prev by Author: [tor-talk] Orbot on TV: Android Apps on Google TV
Next by Author: Re: [tor-talk] RSA identity keys
Previous by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Next by thread: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Index(es):
- Author
- Thread