Author naif
Recipients naif
Date 2011-12-23.10:18:53
Message-id <1324635534.55.0.434420251569.issue13655@psf.upfronthosting.co.za>
In-reply-to
Content
For the certificate store:

Can we eventually agree to bind a default CA-store to a Mozilla-verified one?
Mozilla, in handling Firefox, does a great job of keeping the CA-store up to date.

Integrating the default Mozilla CA-store with Python builds could be a nice way; it's just a matter of integrating into the build system the download/fetching of the default Mozilla store.

At least the language bases its default on a trusted entity to manage, cross-platform, the CA-store for TLS/SSL.

The maintenance of the CA-store would be delegated to Mozilla, which has demonstrated itself to be independent and very security conscious, removing dirty CA-store (like DigiNotar after the Iranian compromise).

That way 90% of cases of SSL/TLS certificate validation will be managed, and by default it would be possible to enable secure SSL/TLS client checking as described in http://bugs.python.org/issue13647 .
History
Date User Action Args
2011-12-23 10:18:54 naif set recipients: + naif
2011-12-23 10:18:54 naif set messageid: <1324635534.55.0.434420251569.issue13655@psf.upfronthosting.co.za>
2011-12-23 10:18:53 naif link issue13655 messages
2011-12-23 10:18:53 naif create