[Python-Dev] Enable Hostname and Certificate Chain Validation (original) (raw)
Donald Stufft donald at stufft.io
Wed Jan 22 12:42:00 CET 2014
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 22, 2014, at 6:21 AM, Paul Moore <p.f.moore at gmail.com> wrote:
2. Your proposal is that because some application authors have not opted in yet, we should penalise the end users of those applications by stopping them being able to use unverified https? And don't forget, applications that haven't opted in will have no switch to allow unverified use. That seems to be punishing the wrong people.
Another thought, if this is seriously a blocker something simple like an environment variable could be added that switches the default. Which would act as a global sort of —insecure flag for applications that don’t provide one. I really don’t like the idea of doing that, but it would be better than not validating by default.
Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://mail.python.org/pipermail/python-dev/attachments/20140122/e512d2b3/attachment.sig>
- Previous message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Next message: [Python-Dev] Enable Hostname and Certificate Chain Validation
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]