Bill Janssen <[EMAIL PROTECTED]> added the comment: checking hostnames is false security, not real security.
On 8/20/08, Heikki Toivonen <[EMAIL PROTECTED]> wrote: > > Heikki Toivonen <[EMAIL PROTECTED]> added the comment: > > > I would think most people/applications want to know to which host they > are talking to. The reason I am advocating adding a default check to the > stdlib is because this is IMO important for security, and it is easy to > get it wrong (I don't think I have it 100% correct in M2Crypto either, > although I believe it errs on the side of caution). I believe it would > be a disservice to ship something that effectively teaches developers to > ignore security (like the old socket.ssl does). > > A TLS extension also allows SSL vhosts, so static IPs are no longer > strictly necessary (this is not universally supported yet, though). > > > _______________________________________ > Python tracker <[EMAIL PROTECTED]> > <http://bugs.python.org/issue1589> > _______________________________________ > _______________________________________ Python tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue1589> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
