Message150142
For the certificate store:
Can we eventually agree to bind a default CA-store to a Mozilla verified one?
Mozilla, in handling Firefox, does a great job of keeping the CA-store up to date.
Integrating the default Mozilla CA-store with Python builds could be a nice way; it's just a matter of integrating the download/fetching of the default Mozilla store into the build system.
At least the language would base its default on a trusted entity to manage, cross-platform, the CA-store for TLS/SSL.
The maintenance of the CA-store would be delegated to Mozilla, which has been demonstrated to be independent and very security conscious, removing dirty CA-store (like DigiNotar after the Iranian compromise).
That way 90% of cases of SSL/TLS certificate validation will be managed and by default it would be possible to enable secure SSL/TLS client checking as described in http://bugs.python.org/issue13647 .
Date | User | Action | Args
2011-12-23 10:18:54 | naif | set | recipients: + naif
2011-12-23 10:18:54 | naif | set | messageid: <1324635534.55.0.434420251569.issue13655@psf.upfronthosting.co.za>
2011-12-23 10:18:53 | naif | link | issue13655 messages
2011-12-23 10:18:53 | naif | create |