From: Ian Kelly
Date: Fri, 22 May 2015 22:10:44 -0600
Subject: Re: Ah Python, you have spoiled me for all other languages
Newsgroups: comp.lang.python

On Fri, May 22, 2015 at 9:31 PM, Michael Torrie wrote:
> On 05/22/2015 07:54 PM, Terry Reedy wrote:
>> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>>
>>> Lo these many years ago, I argued that Python is a whole lot more than
>>> a programming language:
>>>
>>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>>
>> Perhaps something at tundraware needs updating.
>> '''
>> This Connection is Untrusted
>>
>> You have asked Firefox to connect securely to www.tundraware.com, but we
>> can't confirm that your connection is secure.
>>
>> Normally, when you try to connect securely, sites will present trusted
>> identification to prove that you are going to the right place. However,
>> this site's identity can't be verified.
>> '''
>
> Sigh. I blame this as much on the browser. There's no inherent reason
> why a connection to a site secured with a self-signed certificate is
> insecure. In fact it's definitely not.

Sure it is.
Without some prior reason to trust the certificate, the certificate is meaningless. How is the browser to distinguish between a legitimate self-signed cert and a self-signed cert presented by an attacker conducting a man-in-the-middle attack? There is still some value in TLS with a self-signed certificate in that at least the connection is encrypted and can't be eavesdropped by an attacker who can only read the channel, but there is no assurance that the party you're communicating with actually owns the public key that you've been presented.
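
Added example, not part of the original post: a small Python sketch of what a "prior reason to trust the certificate" can look like in practice, namely a fingerprint obtained out of band and compared against whatever certificate the server presents. The names fetch_der, evaluate and example.test are hypothetical, and the certificate bytes are constructed stand-ins rather than real DER.

```python
import hashlib
import hmac
import socket
import ssl

def fetch_der(host, port=443, timeout=5.0):
    """Fetch the server's leaf certificate (DER) WITHOUT validating it.
    The bytes are untrusted input until evaluate() compares them to a pin."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 fingerprint of the certificate bytes, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def evaluate(host, der, pins):
    """pins maps host -> fingerprint learned out of band (assumption)."""
    expected = pins.get(host)
    if expected is None:
        # No prior trust: a genuine self-signed cert and an interceptor's
        # self-signed cert are indistinguishable at this point.
        return "unverifiable"
    if hmac.compare_digest(expected, fingerprint(der)):
        return "pinned-match"
    return "mismatch"

# Constructed stand-ins for DER bytes, so the example runs offline.
SITE_CERT = b"constructed bytes: self-signed cert of the real site"
MITM_CERT = b"constructed bytes: self-signed cert minted by an interceptor"

def demo():
    no_pins = {}
    pins = {"example.test": fingerprint(SITE_CERT)}
    return [
        evaluate("example.test", SITE_CERT, no_pins),
        evaluate("example.test", MITM_CERT, no_pins),
        evaluate("example.test", SITE_CERT, pins),
        evaluate("example.test", MITM_CERT, pins),
    ]

if __name__ == "__main__":
    print(demo())
```

Against a live host, evaluate(host, fetch_der(host), pins) applies the same check to the certificate actually presented on the wire.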