[Catalog-sig] [PSF-Members] Howto Guide for MITM attacks on PyPI

Donald Stufft donald.stufft at gmail.com
Mon Feb 4 13:22:01 CET 2013


On Monday, February 4, 2013 at 7:20 AM, Donald Stufft wrote:
> There can be more work in the future in making a reasonable
> end-to-end validation story possible; however, there are a few
> clear and easy wins, especially related to getting a real
> trusted SSL certificate paid for and installed and enforcing
> SSL.

I should probably note that both SSL and DNSSEC are steps
taken by Crate.io to prevent MITM. Crate went so far as to
contact Chrome and get crate.io added to the HSTS preload
list in Chrome so that in Chrome it's impossible to ever
access Crate w/o a valid SSL certificate. 
