[Python-Dev] Enable Hostname and Certificate Chain Validation

Ethan Furman ethan at stoneleaf.us
Fri Jan 24 00:03:48 CET 2014


On 01/22/2014 05:16 AM, M.-A. Lemburg wrote:
> On 22.01.2014 13:43, Jesse Noller wrote:
>>
>> Donald is perfectly right: today, it's trivial to MITM an application
>>  that relies off of the current behavior; this is bad news bears for
>>  users and developers as it means they need domain knowledge to secure
>>  their applications by default they may not have.
>
> I don't think you need much domain knowledge to insert
> a single line of code into applications to enable the checks.

I find myself on the "dumb user" side of this argument, and I think it is much like the str/unicode transition of 3.0 -- 
which is to say, there are many who didn't understand unicode until forced to by 3.0, and likewise there will be many 
who don't understand security until forced to by enabling this new feature.  One big difference is it's possible to 
opt-out of this security feature (which is a good thing, considering all the ill-configured systems out there).

--
~Ethan~

