Date: Sat, 23 May 2015 14:28:59 +1000
Subject: Re: Ah Python, you have spoiled me for all other languages
From: Chris Angelico
Cc: "python-list@python.org"
Newsgroups: comp.lang.python

On Sat, May 23, 2015 at 2:20 PM, Ben Finney wrote:
> Where I disagree is that this is somehow less secure than a completely
> *unencrypted* HTTP connection. No, the opposite is true.

No, it isn't less secure. However, people have been trained for years to look for the padlock (including looking for padlocks before entering credit card numbers or passwords, despite the fact that HTTPS on the form isn't actually what's significant), and that's the key here. Web browsers are intended for *humans* to use.

You want a truly secure connection between your Python client script and your Python server? Sure, self-signed cert is great. You want something that an average Joe can understand? Do what 99% of the world does, and get a CSA-signed cert. Unencrypted is normal, encrypted is normal, and the only thing that's being flagged is "hey, this *looks* secured, but it might not be the right server". It's still encrypted, but the unverified origin is a potential problem.

ChrisA