OT: limit number of connections from browser to my server?
Random832
random832 at fastmail.com
Sun May 22 15:04:13 EDT 2016
On Wed, May 18, 2016, at 18:58, Gregory Ewing wrote:
> Grant Edwards wrote:
> > Product spec explicitly states HTTPS only. I'm told that is not open
> > for discussion. The customer is a large, somewhat bureaucratic German
> > corporation, and they generally mean it when they say something is
> > non-negotiable.
>
> They're probably being sensible. The way the Internet of
> Things is shaping up, it's far better to have too much
> security than too little.

HTTPS provides little to no security on a device which has no domain
name, since we don't have any well-established way to manage self-signed
certificates, or certificates signed on a basis other than the domain
name. It'd be nice if there were a way for IOT devices to have a
certificate signed *by the manufacturer*.

The entire SSL browser UI paradigm is predicated on the fact that what
is verified by a certificate is the domain name, which must match the CN
field of the certificate, and provides no way to present a certificate
issued on another basis to the user.
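
The name check discussed in the message above, as an added illustration that is not part of the original post or taken from any browser's code: it matches what the user typed against the names in a certificate, and shows that a certificate identifying a device by manufacturer and serial number never passes. The certificates, host names and IP address are constructed samples in the dict layout of Python's `ssl.SSLSocket.getpeercert()`; checking `subjectAltName` before falling back to the CN is an assumption of this sketch.

```python
import ipaddress

def _dns_match(pattern, host):
    """Match one DNS name; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(cert, host):
    """True if `host` (what the user typed in the URL) is named in `cert`."""
    san = cert.get("subjectAltName", ())
    if _is_ip(host):
        # An IP literal can only match an explicit IP entry, never a CN.
        want = ipaddress.ip_address(host)
        return any(kind == "IP Address" and _is_ip(value)
                   and ipaddress.ip_address(value) == want
                   for kind, value in san)
    names = [value for kind, value in san if kind == "DNS"]
    if not names:
        # Legacy fallback: the commonName (CN) field of the subject.
        names = [value for rdn in cert.get("subject", ())
                 for key, value in rdn if key == "commonName"]
    return any(_dns_match(name, host) for name in names)

# Constructed sample: an ordinary web server certificate.
WEB_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
# Constructed sample: a device certificate that names maker and serial only.
DEVICE_CERT = {
    "subject": ((("organizationName", "Example Devices GmbH"),),
                (("commonName", "thermostat SN-000123"),)),
}

if __name__ == "__main__":
    for cert, host in [(WEB_CERT, "shop.example.com"),
                       (DEVICE_CERT, "192.168.1.50")]:
        print(host, "->", name_matches(cert, host))
```
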