According to a number of bloggers(1), torproject.org was include among those domains targeted in the certificate breach. In at least the case of Google, these certificates have been offered to Iranian Internet users by a number of ISPs, in a number of city.
Risk is a product of situation, and if you are in Iran, Syria, Belarus, et al, I would exercise at least that level of caution. (1) http://www.nu.nl/internet/2603449/mogelijk-nepsoftware-verspreid-naast-aftappen-gmail.html On Fri, Sep 2, 2011 at 1:11 PM, Seth David Schoen <[email protected]> wrote: > Joe Btfsplk writes: > > > Is it really a risk, d/l Tor or TBB directly from Tor Project's > > site, that verifying signatures is necessary? What is the reasoning > > here - if getting files from Tor Project server? > > How do you know it was really the Tor Project server? > > -- > Seth Schoen <[email protected]> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 > _______________________________________________ > tor-talk mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
_______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
