[Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements (original) (raw)

Alex Gaynor alex.gaynor at gmail.com
Wed Mar 26 00:47:38 CET 2014

• Previous message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
• Next message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At this I think this PEP has become a little too vague and abstract, and I think we'd probably be better served by getting more concrete:

Problem:

Some of Python 2's modules which are fundamentally necessary for interop with the broader internet, and the security thereof, are missing really important features.

Right now Python 2 has a policy of getting absolutely new features.

Solution:

We're going to ignore that policy for a couple of pretty important features to that end.

Here's my proposed list of such featuers:

• hmac
  • constant_time_compare
• os
  • Persisant FD for os.urandom()
• ssl
  • SNI
  • SSLContext
  • A giant suite of constants from OpenSSL
  • The functions for checking a hostname against a certificate
  • The functions for finding the platform's certificate store

Alex

• Previous message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
• Next message: [Python-Dev] PEP 466 (round 4): Python 2.7 network security enhancements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list