Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail From: Random832 Newsgroups: comp.lang.python Subject: Re: OT: limit number of connections from browser to my server? Date: Sun, 22 May 2016 15:04:13 -0400 Lines: 21 Message-ID: References: <1463943853.1843750.615287929.64BA8A0B@webmail.messagingengine.com> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Trace: news.uni-berlin.de /+YUJDJc/CXCVhpBmAH8tAgEVbQ+bFq81lgg0f06lC6g== Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.011 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'subject:number': 0.07; 'https': 0.09; 'received:internal': 0.09; 'spec': 0.09; 'wed,': 0.15; 'explicitly': 0.15; 'user.': 0.15; 'certificate,': 0.16; 'gregory': 0.16; 'message-id:@webmail.messagingengine.com': 0.16; 'received:10.202': 0.16; 'received:10.202.2': 0.16; 'received:10.202.2.212': 0.16; 'received:66.111': 0.16; 'received:66.111.4': 0.16; 'received:io': 0.16; 'received:messagingengine.com': 0.16; 'received:psf.io': 0.16; 'subject:limit': 0.16; 'subject:server': 0.16; 'wrote:': 0.16; 'ssl': 0.18; 'large,': 0.22; 'header:In-Reply-To:1': 0.24; 'signed': 0.24; 'device': 0.28; 'shaping': 0.29; "i'm": 0.30; 'probably': 0.31; 'another': 0.32; 'generally': 0.32; 'german': 0.32; 'open': 0.33; 'something': 0.35; 'too': 0.36; 'there': 0.36; 'to:addr:python-list': 0.36; 'subject:?': 0.36; 'subject:: ': 0.37; 'received:10': 0.37; 'being': 0.37; 'say': 0.37; 'things': 0.38; 'received:66': 0.38; 'mean': 0.38; 'subject:from': 0.39; 'to:addr:python.org': 0.40; 'field': 0.60; 'entire': 0.61; 'header :Message-Id:1': 0.61; 'devices': 0.61; 'customer': 0.62; 'skip:n 10': 0.62; 'issued': 0.66; "they're": 0.66; 'internet': 0.70; "it'd": 0.84; 'certificates': 0.91; 'edwards': 0.91 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.com; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=K0H+OYdeqTj+3GAS+P29Hh3pKvE=; b=3CRelU EadsPzhBXhqTYHhQsjLME1R8PSDm5SodJexf8+ivz2Wb46HWz4yVE9W0yqs8TGPy qOdYEwrPsn9D7QAdYeuCFkPJMC+qL4YWVBs4HkrsKpjcBxe/vuv0ZWT+LpjxyaiQ 2zZcxiPs2UJ1T0vtSxIRbvOpllZ0VGPd1D0c0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=K0H+OYdeqTj+3GA S+P29Hh3pKvE=; b=kf80tYLKr0ZshfmrJfv5/gbn7c2XRZTf9lHrHsgQp9e5BuQ 4llwRDtgyS744FOyKd1cnD9S504K50gtYwDQZxHQMldnTHImMIgUv3y2yiiFeb2v 13/sry78VirFHg4MdAoUF047HWpUaJie0y8LHlQorkbt/3LNTz/ST54C/Ulo= X-Sasl-Enc: 16p/rcVfln4dQrB8jyQe2evvoma/rCkF2H1a2PtRRGS+ 1463943853 X-Mailer: MessagingEngine.com Webmail Interface - ajax-37b57599 In-Reply-To: X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <1463943853.1843750.615287929.64BA8A0B@webmail.messagingengine.com> X-Mailman-Original-References: Xref: csiph.com comp.lang.python:108958 On Wed, May 18, 2016, at 18:58, Gregory Ewing wrote: > Grant Edwards wrote: > > Product spec explicitly states HTTPS only. I'm told that is not open > > for discussion. The customer is a large, somewhat bureaucratic German > > corporation, and they generally mean it when they say something is > > non-negotiable. > > They're probably being sensible. The way the Internet of > Things is shaping up, it's far better to have too much > security than too little. HTTPS provides little to no security on a device which has no domain name, since we don't have any well-established way to manage self-signed certificates, or certificates signed on a basis other than the domain name. It'd be nice if there were a way for IOT devices to have a certificate signed *by the manufacturer*. The entire SSL browser UI paradigm is predicated on the fact that what is verified by a certificate is the domain name, which must match the CN field of the certificate, and provides no way to present a certificate issued on another basis to the user.