
Python, SSL/TLS certificates and default validation

Posted Feb 13, 2014 8:09 UTC (Thu) by gmatht (guest, #58961)
Parent article: Python, SSL/TLS certificates and default validation

What if python by default accepts and stores a new self-signed cert iff:
1) There is no competing cert from a trusted CA for the domain.
2) There is no stored cert for the domain.

This would seem to greatly increase the difficulty of MITMing the https connection without anything suddenly breaking. Things would break if the self-signed cert changes, but then the breakage would be the "fault" of the person who changed the cert, not the python upgrade; a self-signed cert that changes without warning isn't particularly useful.

My main concern is that this would now mean that we keep a log of every domain the python script accesses, which could be a privacy issue. However I expect that normally those domains would be included in the python script itself or its configuration files so that may not be a problem in practice.

A random idea: I think it would be nice if we could also embed signatures of certs in URLs. If the user is going to a new website they don't recognize, then knowing the target matches the link is perhaps more useful to them than knowing the target matches whatever some CA mapped the name they don't recognize to.

Python, SSL/TLS certificates and default validation

Posted Feb 15, 2014 19:37 UTC (Sat) by kleptog (subscriber, #1183)

The "list of domains" issue can be solved the same way as for SSH, store a hash of the domain. I think introducing "store on first connect" semantics would improve security without breaking randomly all over the place.

Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds