Author Thomas.Leonard
Recipients Ryan.Tucker, Thomas.Leonard, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, eric.araujo, giampaolo.rodola, heikki, janssen, jcea, jsamuel, kiilerix, orsenthil, pitrou, techtonik, vila, zooko
Date 2012-02-25.10:20:24
SpamBayes Score 1.90289e-05
Marked as misclassified No
Message-id <1330165225.74.0.0740009393964.issue1589@psf.upfronthosting.co.za>
In-reply-to
Content
Just to add a couple of data points to argue in favour of a secure-by-default behaviour:

0install.net:

http://secunia.com/advisories/47935 (spoofing attack due to certificate names not being validated)

Mozilla is recommending people avoid using Python's built-in SSL:

https://github.com/mozilla/browserid/wiki/Security-Considerations-when-Implementing-BrowserID

I find it hard to believe that anyone would be able to write an SSL client in Python currently without introducing some vulnerability. There are too many traps to fall into. Here are the three I know about:

1. Not specifying any trusted CAs means trust everyone (where for most software it would mean either trust no-one or trust only well-known CAs).

2. Specifiying a single trusted CA means also trust all known CAs (on MacOS X at least).

3. Unless you manually enable hostname checking, the attacker only needs a valid SSL certificate for their own site, not for the site they're spoofing.
History
Date User Action Args
2012-02-25 10:20:26Thomas.Leonardsetrecipients: + Thomas.Leonard, jcea, zooko, janssen, orsenthil, pitrou, techtonik, giampaolo.rodola, vila, heikki, ahasenack, kiilerix, eric.araujo, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2012-02-25 10:20:25Thomas.Leonardsetmessageid: <1330165225.74.0.0740009393964.issue1589@psf.upfronthosting.co.za>
2012-02-25 10:20:25Thomas.Leonardlinkissue1589 messages
2012-02-25 10:20:24Thomas.Leonardcreate