If you take a look at the "convergence" system and make sure different parts of 
the net see the same key, or just do what ssh does and assume the key won't 
change after the first time, those are good solutions. Of course it really 
should just have a CA signature too.

Daniel Holth

On Jul 27, 2012, at 2:36 AM, Richard Jones <r1chardj0...@gmail.com> wrote:

> I'm not sure we can securely distribute the PEM to all the potential
> users. A better solution is to have a Real SSL Certificate, but that
> effort keeps failing :-(
> 
> On the other hand, Kenneth just released a new version of requests
> which removes the need to use my branch :-)
> 
> 
>    Richard
> 
> On 27 July 2012 11:45, Daniel Holth <dho...@gmail.com> wrote:
>> You can also pass the expected ssl certificate to requests, but I'm not sure 
>> of the exact syntax (see the advanced use section of their docs). This is 
>> the most secure option if you know which cert the server should present.
>> 
>> Daniel Holth
>> 
>> On Jul 26, 2012, at 9:34 PM, Richard Jones <r1chardj0...@gmail.com> wrote:
>> 
>>> On 27 July 2012 11:17, Richard Jones <r1chardj0...@gmail.com> wrote:
>>>> Note that you need to use my branch of requests for this to work
>>>> (https://github.com/r1chardj0n3s/requests) and rauth currently needs
>>>> to be modified to handle unverifiable SSL certificates.
>>> 
>>> The author of rauth has shown me how to avoid the modification; the
>>> code on the wiki page now works with the current un-modified rauth
>>> release.
>>> 
>>> 
>>>   Richard
_______________________________________________
Catalog-SIG mailing list
Catalog-SIG@python.org
http://mail.python.org/mailman/listinfo/catalog-sig
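
An added example, not part of the original thread and not code from requests or rauth: a standard-library Python sketch of the two approaches named above, ssh-style trust on first use and a Convergence-style check that several vantage points saw the same certificate. The pin-store path, function names and sample byte strings are assumptions made up for the illustration.

```python
import hashlib
import hmac
import json
import socket
import ssl
from pathlib import Path

# Constructed stand-ins for DER certificate bytes, so the pin logic runs offline.
SAMPLE_CERT_A = b"constructed-der-certificate-A"
SAMPLE_CERT_B = b"constructed-der-certificate-B"


class PinMismatch(Exception):
    """The server presented a certificate different from the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the leaf certificate with CA validation off; trust comes from the pin."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be disabled before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: Path, host: str, der_cert: bytes) -> str:
    """Trust on first use: record the fingerprint once, then require it to match."""
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der_cert)
    pinned = pins.get(host)
    if pinned is None:
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "pinned"
    if not hmac.compare_digest(pinned, seen):
        raise PinMismatch(f"{host}: pinned {pinned[:16]}..., got {seen[:16]}...")
    return "match"


def vantage_points_agree(observations: dict) -> bool:
    """Convergence-style check: at least two observers, all with one fingerprint."""
    return len(observations) > 1 and len(set(observations.values())) == 1
```

The first connection is the unprotected one in the trust-on-first-use model, which is why comparing fingerprints gathered from several network locations before pinning is the stronger of the two.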