rome has done
it?
Top-posted from my Windows Phone
-Original Message-
From: "Cory Benfield"
Sent: 2/1/2017 2:03
To: "Steve Dower"
Cc: "Christian Heimes" ; "David Cournapeau"
; "python-dev"
Subject: Re: [Python-Dev] SSL certificates re
> On 1 Feb 2017, at 14:20, Steve Dower wrote:
>
> Sorry, I misspoke when I said "certificate validation callback", I meant the
> same callback Cory uses below (name escapes me now, but it's unfortunately
> similar to what I said). There are two callbacks in OpenSSL, one that allows
> you to v
Cory Benfield writes:
> The TL;DR is: I understand Christian’s concern, but I don’t think
> it’s important if you’re very, very careful.
But AIUI, the "you" above is the end-user or admin of end-user's
system, no? We know that they aren't very careful (or perhaps more
accurate, this is too fsc
> On 2 Feb 2017, at 03:38, Stephen J. Turnbull
> wrote:
>
> Cory Benfield writes:
>
>> The TL;DR is: I understand Christian’s concern, but I don’t think
>> it’s important if you’re very, very careful.
>
> But AIUI, the "you" above is the end-user or admin of end-user's
> system, no? We know
Cory Benfield writes:
> From a security perspective I think we have to discount the
> possibility of administrator error from our threat model.
I disagree in a certain sense, and in that sense you don't discount it
-- see below.
> A threat model that includes “defend the system against intrus