Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.mixmin.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!news.tele.dk!news.tele.dk!small.news.tele.dk!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.158 X-Spam-Level: * X-Spam-Evidence: '*H*': 0.69; '*S*': 0.00; 'subject:Python': 0.05; 'cc:addr:python-list': 0.10; '23,': 0.16; 'check?': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'wifi,': 0.16; 'wrote:': 0.16; 'library,': 0.18; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; '2015': 0.23; 'sat,': 0.23; 'header :In-Reply-To:1': 0.24; 'tim': 0.24; 'message-id:@mail.gmail.com': 0.28; 'initial': 0.29; 'chase': 0.29; 'hacker': 0.29; 'subject:other': 0.29; 'talked': 0.29; 'connection': 0.30; 'too.': 0.30; 'convention': 0.31; 'minimal': 0.31; 'subject:all': 0.32; 'received:google.com': 0.34; 'attempt': 0.35; 'but': 0.36; 'being': 0.36; 'possible': 0.36; 'subject:: ': 0.37; 'signature': 0.37; 'say': 0.38; 'pm,': 0.39; 'where': 0.40; 'some': 0.40; 'your': 0.60; 'determine': 0.61; 'valuable': 0.61; 'confirm': 0.61; 'visit': 0.64; 'contact': 0.66; 'laptop': 0.67; 'talking': 0.67; 'home': 0.67; 'hesitate': 0.69; 'benefit': 0.70; 'worth': 0.73; 'subject:have': 0.80; 'chrisa': 0.84; 'hostile': 0.84; 'subject:you': 0.88; 'to:none': 0.90 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=064H3+C7RNNgNZkFw5FTh+sFxglAzOQB4z31C5WO0oQ=; b=WaVupb6KbLe4AgYN5RjXuyqGWERxrFSK7ueN4u639xVz0scN+K6KgG1KvlLGDiFRnQ rWd2aUmY/2y9EyYjvW8KkrlSU3BtMv3hgFWc/U+cQ8bHjRUmpd3ZU3Ge5q6rGL1QVPvT BRxyFAUTuTuTgVJvz1CGydhUOoIzJVwrCUTIMQ8etbw3gxG3YiM3e9uipTbcqlzvyfHp VrKpxngMMhqSPF635pLlNN4Po4JB+X4InnBqyuMXH1x8dS1uyKM6Ws5kr6Wjr/euzbaK nqFxg8JOvaBqtAzKJFt+UPU5fBzFskDx7fAjtG0LdPKCbEtzNUZkK7l9vjdE+pM0K3uU K87w== MIME-Version: 1.0 X-Received: by 10.43.39.1 with SMTP id tk1mr14249912icb.26.1432381219615; Sat, 23 May 2015 04:40:19 -0700 (PDT) In-Reply-To: <20150523063424.34308765@bigbox.christie.dr> References: <555f440a$0$12990$c3e8da3$5496439d@news.astraweb.com> <555FA253.3020304@tundraware.com> <555FF482.8020007@gmail.com> <20150523063424.34308765@bigbox.christie.dr> Date: Sat, 23 May 2015 21:40:19 +1000 Subject: Re: Ah Python, you have spoiled me for all other languages From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 18 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1432381228 news.xs4all.nl 2865 [2001:888:2000:d::a6]:51842 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:91119 On Sat, May 23, 2015 at 9:34 PM, Tim Chase wrote: > A self-signed certificate may be of minimal worth the *first* time you > visit a site, but if you return to the site, that initial > certificate's signature can be used to confirm that you're talking to > the same site you talked to previously. This is particularly > valuable on a laptop where you make initial contact over a (I > hesitate to say "more secure") less hostile connection through your > home ISP. Then, when you're out at the library, coffee-shop, or some > hacker convention on their wifi, it's possible to determine whether > you're securely connecting to the *same* site, or whether an attempt > is being made to MitM because the cert changed. You can get the exact same benefit (knowing when the cert changes) with an externally-signed cert too. How many people actually bother to check? ChrisA