Ah Python, you have spoiled me for all other languages
Chris Angelico
rosuav at gmail.com
Sat May 23 00:49:50 EDT 2015
On Sat, May 23, 2015 at 2:29 PM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> There *should* be scary warnings for plain
> HTTP connections (although there is a counter-argument that many sites
> don't need any encryption and HTTPS would just be wasteful in those
> cases).
I don't think there should be "scary warnings", for precisely this
reason. When the information you're sharing is completely public,
there's no point taking the overhead of encryption. So there should be
two normal and acceptable ways to access data: either unencrypted, or
encrypted with a verified certificate. Oh look, that's what we have.
There is an assumption that your system certificate store is
trustworthy, but for the typical user, it's probably better than
they'll get any other way, and for an atypical user, it can be pruned
easily.
But I think we're just a smidge off-topic here.
ChrisA
More information about the Python-list
mailing list