Cory, from your point of view is there interest in being able to tell Requests "I want the no-compromises trust store" and accept a reduced compatibility in exchange for knowing that you're a little safer ?
Right now, as a programmer I have three choices with Requests: Verify=True: The default, the store you've described, based on NSS but lacking its nuance, will be used to perform verification of host certificates Verify='/a/filename': I must maintain my own trust store, which is a huge pain in the backside. Verify=False: All verification is switched off. Here be dragons. In Firefox there is no interest in making users lives more complicated by introducing more decisions. But a programmer writing code with Requests and getting as far as reading the documentation for certifi already _does_ care about these decisions. I'm sure the same is true for programmers in other environments. In contrast to the idea of trying to get other clients to implement all the nuances of Firefox's graduated trust, my idea here is to promote the option of deliberately distrusting CAs entirely in these clients, ahead of any such extreme sanction from Mozilla in Firefox. Mozilla could decide (or not) to add an advisory mark when putting in place a graduated trust and this would mean the maintenance burden to offer both an ordinary and a "no-compromise" trust store with something like Requests would be minimal, just verify=certifi.I_HATE_FUN or whatever. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
