Path: csiph.com!usenet.pasdenom.info!news.albasani.net!feeder.erje.net!1.eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.026 X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'warnings': 0.03; 'subject:Python': 0.05; 'data:': 0.07; 'https': 0.09; 'cc:addr :python-list': 0.10; '*should*': 0.16; '23,': 0.16; 'certificate.': 0.16; 'encryption': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'reason.': 0.16; 'wrote:': 0.16; 'typical': 0.18; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; '2015': 0.23; 'sat,': 0.23; 'header:In-Reply-To:1': 0.24; 'plain': 0.27; 'message-id:@mail.gmail.com': 0.28; '(although': 0.29; 'subject:other': 0.29; "they'll": 0.29; "we're": 0.30; 'connections': 0.31; 'probably': 0.32; 'subject:all': 0.32; 'point': 0.33; 'http': 0.33; 'received:google.com': 0.34; 'acceptable': 0.35; 'but': 0.36; 'there': 0.36; 'two': 0.37; 'should': 0.37; 'subject:: ': 0.37; 'pm,': 0.39; 'your': 0.60; 'here.': 0.61; 'taking': 0.62; 'information': 0.62; 'sharing': 0.64; 'encrypted': 0.66; 'user,': 0.67; 'subject:have': 0.80; 'chrisa': 0.84; 'scary': 0.84; 'subject:you': 0.88; 'to:none': 0.90; 'have.': 0.93 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=ioUfGR1kqq27rAOMkjOtWIGbUeA2a6ltQuxq7mJXI1E=; b=MlGBW0xbsIHAPCiKxgSRimOwWCzSErVb4Ktbd1Fcy4z4jJuDiQuZq1QM1LKFfBJf5I cJdCuhuL0z7syVk8weHrIsOyJKpmjcEMVcxyhgwtmRqDsfK8e6lVGG332LfU01alYtqL org/BHs3OmWrXYYvgaPLgjBAM50TE+fNmKQOcodE6z51JdIpNglDXxBV8/Ls5ewC4kMW kXmR+gHhBp6utHZSFMkmktabP/d4cNAQ8oWaEwOxAlNLpVO/TGWLLJSVURGggaQEdifQ 5y3lZSuNPaKZMb3eS2RgXkdL578oFbzH1u7sJWzb9m69YwgZD3MUYt86DBoOm0TOODYt 1V+w== MIME-Version: 1.0 X-Received: by 10.43.0.67 with SMTP id nl3mr12699630icb.59.1432356591000; Fri, 22 May 2015 21:49:51 -0700 (PDT) In-Reply-To: References: <555f440a$0$12990$c3e8da3$5496439d@news.astraweb.com> <555FA253.3020304@tundraware.com> <555FF482.8020007@gmail.com> <85382nylee.fsf@benfinney.id.au> Date: Sat, 23 May 2015 14:49:50 +1000 Subject: Re: Ah Python, you have spoiled me for all other languages From: Chris Angelico Cc: Python Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 19 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1432356599 news.xs4all.nl 2941 [2001:888:2000:d::a6]:42423 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:91099 On Sat, May 23, 2015 at 2:29 PM, Ian Kelly wrote: > There *should* be scary warnings for plain > HTTP connections (although there is a counter-argument that many sites > don't need any encryption and HTTPS would just be wasteful in those > cases). I don't think there should be "scary warnings", for precisely this reason. When the information you're sharing is completely public, there's no point taking the overhead of encryption. So there should be two normal and acceptable ways to access data: either unencrypted, or encrypted with a verified certificate. Oh look, that's what we have. There is an assumption that your system certificate store is trustworthy, but for the typical user, it's probably better than they'll get any other way, and for an atypical user, it can be pruned easily. But I think we're just a smidge off-topic here. ChrisA