[Python-Dev] PEP 476: Enabling certificate validation by default!

R. David Murray rdmurray at bitdance.com
Wed Sep 3 21:06:39 CEST 2014


On Wed, 03 Sep 2014 20:37:38 +0200, Antoine Pitrou <solipsis at pitrou.net> wrote:

> On Wed, 3 Sep 2014 10:54:55 -0700 Guido van Rossum <guido at python.org> wrote:
>
> > Today (working at Dropbox, a much smaller company!) I don't
> > even remember the last time I had to deal with such a browser
> > complaint -- internal services here all redirect to SSL, and not a
> > browser that can find fault with their certs.
>
> Good for you. I still sometimes get warnings about expired certificates - and sometimes ones that don't exactly match the domain being fetched (for example, the certificate wouldn't be valid for that specific subdomain - note that CAs often charge a premium for multiple subdomains, which is why small or non-profit Web sites sometimes skimp on them). You shouldn't assume that the experience of well-connected people in the Silicon Valley is representative of what people over the world encounter. Yes, where there's a lot of money and a lot of accumulated domain competence, security procedures are updated and followed more scrupulously...

Heck, yesterday I got invalid certs from...I think it was roku.com, but in any case not some obscure little company...the actual cert was an Akamai cert, which means something is configured wrong somewhere.

--David


