On Oct 10, 2011, at 2:48 PM, Joe Btfsplk wrote: > On 10/10/2011 2:44 AM, Robert Ransom wrote: >> No. See https://tails.boum.org/bugs/FireGPG_may_be_unsafe/ , but beware -- >> I'm sure katmagic and I missed a few dozen attacks. > You're correct - that is, the https site you link has an unsafe certificate, > * per msg * in Firefox 7: >> tails.boum.org uses an invalid security certificate. >> >> The certificate is not trusted because the issuer certificate is not trusted. >> >> (Error code: sec_error_untrusted_issuer) > Anyone else seeing same security msg?
Yes, the tails developers decided not to pay the SSL mafia and got a certificate from cacert instead. Your browser probably isn't configured to trust cacert, so you get the warning. Alternatively, someone is really trying to mitm you - tough to know. Anyway, the sha1 fingerprint of the tails website should be E1 5D 87 49 7F A1 21 75 8B 6B 1A 85 DC EF 70 E1 C6 7C 82 57. Now good luck deciding whether you should trust my claim in this unsigned email, or what. Enjoy the trip through the rabbit hole. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk