In article <4ca3a46b.4080...@animats.com>, John Nagle <na...@animats.com> wrote: > We've been through this. Too many times. > > http://bugs.python.org/issue1114345 > (2005: Broken in Python 2.2, eventually fixed) > > http://www.justinsamuel.com/2008/12/25/the-importance-of-validating-ssl-certif > icates/ > (2008: Why this matters) > > http://www.mail-archive.com/python-list@python.org/msg281736.html > (2010: Broken in new Python 2.6 SSL module.) > > http://bugs.python.org/issue1589 > (2010: Developer "Bill Jansen" in denial, others disagree. > Currently being debated. See bug tracker.) > > The really stupid thing about the current SSL module is that it > accepts a file of root certificates as a parameter, but ignores it. > So it creates the illusion of security without providing it. > As someone pointed out, the current SSL module "lets you talk > encrypted to your attacker".
I'll just note in passing that Issue1589 is being discussed again. Feel free to contribute. -- Ned Deily, n...@acm.org -- http://mail.python.org/mailman/listinfo/python-list
