Re: basic auth request

2021-08-25 Thread Eli the Bearded
In comp.lang.python, Barry wrote: > It is possible to sign an IP address in a certificate, but that is not > often done. It's bad practice. I've never seen one in the wild. > Getting to reuse the IP address that example.com was using will not help > the attacker unless they can make a cert that

Re: basic auth request

2021-08-25 Thread Barry
> On 25 Aug 2021, at 20:34, Eli the Bearded <*@eli.users.panix.com> wrote: > > In comp.lang.python, Jon Ribbens wrote: >> Another attempt at combatting this problem is DNS CAA records, >> which are a way of politely asking all CAs in the world except the >> ones you choose "please don't issue

Re: basic auth request

2021-08-25 Thread Eli the Bearded
In comp.lang.python, Jon Ribbens wrote: > On 2021-08-25, Eli the Bearded <*@eli.users.panix.com> wrote: >> $COMPANY puts out a lot of things on different IP addresses from >> a shared public(ish) pool like AWS and assigns different names >> to them. Later $COMPANY discontinues one or more of thos

Re: basic auth request

2021-08-25 Thread Jon Ribbens via Python-list
On 2021-08-25, Eli the Bearded <*@eli.users.panix.com> wrote: > In comp.lang.python, Jon Ribbens wrote: >> Another attempt at combatting this problem is DNS CAA records, >> which are a way of politely asking all CAs in the world except the >> ones you choose "please don't issue a certificate for

Re: basic auth request

2021-08-25 Thread Eli the Bearded
In comp.lang.python, Jon Ribbens wrote: > Another attempt at combatting this problem is DNS CAA records, > which are a way of politely asking all CAs in the world except the > ones you choose "please don't issue a certificate for my domain". > By definition someone who had hacked a CA would pay n

Re: basic auth request

2021-08-25 Thread Peter J. Holzer
On 2021-08-22 19:37:24 +1000, Chris Angelico wrote: > On Sun, Aug 22, 2021 at 6:45 PM Peter J. Holzer wrote: > > > > On 2021-08-22 05:04:43 +1000, Chris Angelico wrote: > > > On Sun, Aug 22, 2021 at 4:55 AM Martin Di Paola > > > wrote: > > > > HTTPS ensures encryption so the content, including th

Re: basic auth request

2021-08-25 Thread Jon Ribbens via Python-list
On 2021-08-25, Chris Angelico wrote: > On Thu, Aug 26, 2021 at 12:48 AM Jon Ribbens via Python-list > wrote: >> Another attempt at combatting this problem is DNS CAA records, >> which are a way of politely asking all CAs in the world except the >> ones you choose "please don't issue a certificate

Re: basic auth request

2021-08-25 Thread Chris Angelico
On Thu, Aug 26, 2021 at 12:48 AM Jon Ribbens via Python-list wrote: > > On 2021-08-25, Chris Angelico wrote: > > On Thu, Aug 26, 2021 at 12:16 AM Jon Ribbens via Python-list > > wrote: > >> There are so many trusted CAs these days that the chances of them all > >> being secure approaches zero - t

Re: basic auth request

2021-08-25 Thread Jon Ribbens via Python-list
On 2021-08-25, Chris Angelico wrote: > On Thu, Aug 26, 2021 at 12:16 AM Jon Ribbens via Python-list > wrote: >> There are so many trusted CAs these days that the chances of them all >> being secure approaches zero - they are not all equal yet they are all >> equally trusted. Which is why a change

Re: basic auth request

2021-08-25 Thread Chris Angelico
On Thu, Aug 26, 2021 at 12:16 AM Jon Ribbens via Python-list wrote: > > On 2021-08-25, Chris Angelico wrote: > > On Wed, Aug 25, 2021 at 5:20 PM Barry Scott wrote: > >> Only if this threat model matters to you or your organisation. > >> Personally it's low down of the threats I watch out for. > >>

Re: basic auth request

2021-08-25 Thread Barry Scott
> On 22 Aug 2021, at 12:03, Chris Angelico wrote: > > On Sun, Aug 22, 2021 at 8:30 PM Barry Scott > wrote: >> >> >> >> On 22 Aug 2021, at 10:37, Chris Angelico wrote: >> >> When it comes to security, one thing I'm very curious about is why we >> don't have

Re: basic auth request

2021-08-25 Thread Jon Ribbens via Python-list
On 2021-08-25, Chris Angelico wrote: > On Wed, Aug 25, 2021 at 5:20 PM Barry Scott wrote: >> Only if this threat model matters to you or your organisation. >> Personally it's low down of the threats I watch out for. >> >> The on-line world and the real-world are the same here. >> >> If a business ch

Re: basic auth request

2021-08-25 Thread Chris Angelico
On Wed, Aug 25, 2021 at 5:20 PM Barry Scott wrote: > > Only if this threat model matters to you or your organisation. > Personally it's low down of the threats I watch out for. > > The on-line world and the real-world are the same here. > > If a business changes hands then do you trust the new owners