On Thu, 23 Jan 2014 01:45:15 -0500 Scott Dial <scott+python-...@scottdial.com> wrote: > > Anecdotally, I already know of a system at work that is using HTTPS > purely for encryption, because the authentication is done in-band. So, a > self-signed cert was wholly sufficient. The management tools use a > RESTful interface over HTTPS for control, but you are telling me this > will be broken by default now. What do I tell our developers (who often > adopt the latest and greatest versions of things to play with)?
That the system may be vulnerable to MITM attacks? (depending on how the authentication is done) Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com