On 9/2/2011 9:57 AM, David Carlson wrote:
On 9/2/2011 9:28 AM, Joe Btfsplk wrote:
Is it really a risk, d/l Tor or TBB directly from Tor Project's site,
that verifying signatures is necessary? What is the reasoning here -
if getting files from Tor Project server?
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
I believe that the point of Roger's message was that you or I may not
really be downloading the package from TorProject, if we are using SSL
that is authenticated to a fake certificate.
Thanks. I'm sure many would appreciate a bit more explanation what
"...if we are using SSL that is authenticated..." means, in this case.
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
