Ah Python, you have spoiled me for all other languages
Ian Kelly
ian.g.kelly at gmail.com
Sat May 23 00:10:44 EDT 2015
On Fri, May 22, 2015 at 9:31 PM, Michael Torrie <torriem at gmail.com> wrote:
> On 05/22/2015 07:54 PM, Terry Reedy wrote:
>> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>>
>>> Lo these many years ago, I argued that Python is a whole lot more than
>>> a programming language:
>>>
>>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>>
>> Perhaps something at tundraware needs updating.
>> '''
>> This Connection is Untrusted
>>
>> You have asked Firefox to connect securely to www.tundraware.com, but we
>> can't confirm that your connection is secure.
>>
>> Normally, when you try to connect securely, sites will present trusted
>> identification to prove that you are going to the right place. However,
>> this site's identity can't be verified.
>> '''
>
> Sigh. I blame this as much on the browser. There's no inherent reason
> why a connection to a site secured with a self-signed certificate is
> insecure. In fact it's definitely not.
Sure it is. Without some prior reason to trust the certificate, the
certificate is meaningless. How is the browser to distinguish between
a legitimate self-signed cert and a self-signed cert presented by an
attacker conducting a man-in-the-middle attack?
There is still some value in TLS with a self-signed certificate in
that at least the connection is encrypted and can't be eavesdropped by
an attacker who can only read the channel, but there is no assurance
that the party you're communicating with actually owns the public key
that you've been presented.
More information about the Python-list
mailing list