From: Chris Angelico
Date: Sat, 23 May 2015 14:21:05 +1000
Subject: Re: Ah Python, you have spoiled me for all other languages
Newsgroups: comp.lang.python

On Sat, May 23, 2015 at 2:10 PM, Ian Kelly wrote:
>> Sigh. I blame this as much on the browser. There's no inherent reason
>> why a connection to a site secured with a self-signed certificate is
>> insecure. In fact it's definitely not.
>
> Sure it is. Without some prior reason to trust the certificate, the
> certificate is meaningless. How is the browser to distinguish between
> a legitimate self-signed cert and a self-signed cert presented by an
> attacker conducting a man-in-the-middle attack?
>
> There is still some value in TLS with a self-signed certificate in
> that at least the connection is encrypted and can't be eavesdropped by
> an attacker who can only read the channel, but there is no assurance
> that the party you're communicating with actually owns the public key
> that you've been presented.
To be fair, certificates never actually tell you that the owner is
legitimate - all they do is move the problem. Self-signed certs move the
problem to "how do you get a guaranteed copy of this exact server's
certificate", which makes it an out-of-band issue (if you meet someone
you know in person and get a copy of the cert on a USB stick, then
manually install it, you can be sure it's safe); externally-signed certs
move the problem to the certificate chain and its reliability (how well
do the CAs check ownership prior to issuing a certificate?). Both are
still problematic, just in different ways.

Self-signed certs are ideal if you're packaging your own client - you
could keep the IP address and certificate in the same VCS repository.
Anyone who can change the cert can also change the IP address, so you
lose no security there. But they're way WAY more hassle for https on the
public internet.

ChrisA
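The two trust models argued over above, as an added worked example that is not part of Chris's post or of the thread. Go is used rather than Python because its standard library can mint a self-signed certificate and run both ends of a TLS handshake over loopback with no extra packages and no network access. The host name api.example.test, the throwaway certificates and the "attacker" certificate are all constructed for the example. It goes one step beyond the post: besides trusting one exact certificate (the "copy on a USB stick" model), it shows the common variant of pinning only the server's public key, and the failure mode of setting InsecureSkipVerify without a pin.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"net"
	"time"
)

// NewSelfSigned mints a throwaway self-signed server cert for host. It stands in
// for the cert you would generate once and commit next to the client code.
func NewSelfSigned(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the SAN is what clients actually match on
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// TrustExactly makes cert the client's only trust anchor (the "guaranteed copy of
// this exact server's certificate"); no CA is consulted, so any other cert for
// the same name fails as signed by an unknown authority.
func TrustExactly(cert tls.Certificate, host string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)
	return &tls.Config{RootCAs: pool, ServerName: host, MinVersion: tls.VersionTLS12}
}

// SPKIPin is the SHA-256 of the SubjectPublicKeyInfo: pin this rather than the
// whole cert if the server may re-issue itself (new expiry) with the same key.
func SPKIPin(leaf *x509.Certificate) string {
	sum := sha256.Sum256(leaf.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// TrustSPKI pins the server's public key. InsecureSkipVerify only disables the
// chain and hostname checks; VerifyPeerCertificate is what puts the security
// back, so the two must always travel together.
func TrustSPKI(pin string) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			leaf, err := x509.ParseCertificate(rawCerts[0]) // Go rejects an empty list earlier
			if err != nil {
				return err
			}
			if got := SPKIPin(leaf); got != pin {
				return fmt.Errorf("public key pin mismatch: got %s, want %s", got, pin)
			}
			return nil
		},
	}
}

// Handshake runs one TLS handshake over a loopback socket between a server holding
// serverCert and a client using clientCfg; nil means the client accepted the server.
func Handshake(serverCert tls.Certificate, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // the server's own verdict is uninteresting here; the client decides
		if conn, err := ln.Accept(); err == nil {
			defer conn.Close()
			conn.SetDeadline(time.Now().Add(5 * time.Second))
			tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{serverCert}}).Handshake()
		}
	}()
	// The dialer timeout bounds the TCP connect and the TLS handshake together.
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return err
	}
	conn.Close() // verdict is already in; a failed close_notify is not interesting here
	return nil
}
```

With two freshly minted certs for the same name, one "genuine" and one standing in for a man-in-the-middle, Handshake(genuine, TrustExactly(genuine, host)) returns nil while Handshake(attacker, TrustExactly(genuine, host)) fails with an unknown-authority error, which is exactly the out-of-band trust the post describes: the client accepts one certificate it was handed in advance and nothing else. TrustSPKI behaves the same way on the key alone, and a config with only InsecureSkipVerify accepts the attacker, which is the mistake to watch for in code that "just wants self-signed certs to work".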