New submission from naif <n...@globaleaks.org>:

For the certificate store:

Can we eventually agree to bind a default CA-store to a Mozilla verified one?
Mozilla, in handling Firefox, does a great job of keeping its CA-store up to date.

Integrating the default Mozilla CA-store with Python builds could be a nice way; 
it's just a matter of integrating into the build system the download/fetching 
of the default Mozilla store.

At least the language would base its default on a trusted entity to manage, 
cross-platform, the CA-store for TLS/SSL.

The maintenance of the CA-store would be delegated to Mozilla, which has been 
demonstrated to be independent and very security conscious, removing dirty 
CA-store (like DigiNotar after the Iranian compromise).

That way 90% of cases of SSL/TLS certificate validation will be managed, and 
by default it would be possible to enable secure SSL/TLS client checking as 
described in http://bugs.python.org/issue13647 .

----------
components: Library (Lib)
messages: 150142
nosy: naif
priority: normal
severity: normal
status: open
title: Python SSL stack doesn't have a default CA Store
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13655>
_______________________________________
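
Added example, not part of the original report and not CPython's own code: with the `ssl.SSLContext` API of current Python 3, a verifying client context starts with zero trust anchors, so the caller has to supply a CA bundle (for instance a PEM file derived from Mozilla's store) before any certificate can validate. The helper names `anchor_count`, `bare_client_context` and `context_from_bundle` are hypothetical, and the bundle path is whatever file the caller provides.

```python
import ssl


def anchor_count(ctx):
    """Number of CA certificates currently loaded into the context's store."""
    return ctx.cert_store_stats()["x509_ca"]


def bare_client_context():
    """Verifying client context with nothing loaded into its trust store."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking,
    # but loads no CA certificates on its own.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def context_from_bundle(cafile):
    """Verifying client context that trusts only the CAs in `cafile` (PEM).

    Fails closed: raises ValueError if the bundle is missing, unreadable,
    or contains no CA certificate.
    """
    ctx = bare_client_context()
    try:
        ctx.load_verify_locations(cafile=cafile)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError("cannot load CA bundle %r: %s" % (cafile, exc))
    if anchor_count(ctx) == 0:
        raise ValueError("CA bundle %r contains no CA certificates" % cafile)
    return ctx


if __name__ == "__main__":
    ctx = bare_client_context()
    print("verify_mode:", ctx.verify_mode, "check_hostname:", ctx.check_hostname)
    print("trust anchors in a bare context:", anchor_count(ctx))
    # Where the linked OpenSSL build would look if asked for its defaults.
    print("OpenSSL default paths:", ssl.get_default_verify_paths())
```

A handshake made with `bare_client_context()` cannot succeed against any server, because verification is required and no CA is trusted; that is the fail-closed counterpart of skipping verification.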