Message 212194 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	aclover
Recipients	aclover
Date	2014-02-25.18:35:02
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1393353302.45.0.453637573784.issue20770@psf.upfronthosting.co.za>
In-reply-to

Content
This could potentially be considered a security issue as it would allow a MitM attacker to sabotage the STARTTLS and get the rest of the content in the clear. I don't personally consider it too serious as I doubt anyone is (a) relying on the security of this for lowly mail and (b) has the rest of the context stuff set up to validate the TLS connection properly anyhow, but there's an argument for sec bug.

This could potentially be considered a security issue as it would allow a MitM attacker to sabotage the STARTTLS and get the rest of the content in the clear.

I don't personally consider it too serious as I doubt anyone is (a) relying on the security of this for lowly mail and (b) has the rest of the context stuff set up to validate the TLS connection properly anyhow, but there's an argument for sec bug.

History
Date	User	Action	Args
2014-02-25 18:35:02	aclover	set	recipients: + aclover
2014-02-25 18:35:02	aclover	set	messageid: <1393353302.45.0.453637573784.issue20770@psf.upfronthosting.co.za>
2014-02-25 18:35:02	aclover	link	issue20770 messages
2014-02-25 18:35:02	aclover	create