[RFC] Default to urllib http implementation.
Colin D Bennett
colin at gibibit.com
Tue May 19 05:21:22 BST 2009

Andrew Cowie wrote on Monday 18 May 2009:
> On Mon, 2009-05-18 at 19:47 -0700, Colin D Bennett wrote:
> > I don't understand. Any SSL connection should prevent man-in-the-middle
> > attacks, right?
>
> No, because
>
> > I would *not* want to turn off the host certificate check; that defeats
> > the point of using a secure connection in the first place. I would want
> > to instead *trust* the server certificate.
>
> is what prevents the man-in-the-middle attack.
>
> [ie, you had it right]
>
> SSL provides confidentiality between endpoints. You have to go further
> to establish the endpoint you are talking to is who you think it is.
> That part has ever been the cumbersome part of asymmetric cryptography
> and public key infrastructure.

I understand PKI fairly well. My point is that you just have to get the
actual server certificate once, trust it, and then you are guaranteed that
there is no man in the middle from that point forward. Obviously you must
obtain the server certificate through a trusted communication channel (in
person on physical media such as a USB flash drive, via secure e-mail, from a
secure web page, or verifying the key's signature over the phone).

For instance, I encountered the pycurl SSL problem for a university project.
We had a Subversion server with SSL and a self-signed certificate. I had to
use bzr with urllib because I could not mark the certificate as trusted with
pycurl, even though I had physical access to the server and could obtain the
key in a secure manner.

Regards,
Colin
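
Added example, not part of the original message and not code from bzr, urllib or pycurl: a sketch of the approach described above using Python's standard `ssl` module, where verification stays enabled and the only trust anchor is the self-signed certificate obtained out of band. The function names, the PEM file path and the fingerprint format are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aa bb ...' as copied from paper or read aloud."""
    return fp.replace(":", "").replace(" ", "").lower()


def matches_pin(der: bytes, pinned_fp: str) -> bool:
    """True only if the certificate hashes to the fingerprint we were given."""
    return hmac.compare_digest(fingerprint(der).encode(),
                               normalize(pinned_fp).encode())


def pinned_context(pem_path: str) -> ssl.SSLContext:
    """Client context that trusts nothing except the certificate in pem_path.

    PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking and
    loads no system CAs, so the self-signed certificate is the sole anchor.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=pem_path)
    return ctx


def connect_pinned(host: str, port: int, pem_path: str, pinned_fp: str) -> str:
    """Connect with verification on, then re-check the peer against the pin."""
    ctx = pinned_context(pem_path)
    with socket.create_connection((host, port), timeout=10) as raw:
        # The handshake fails here if the peer presents any other certificate.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if der is None or not matches_pin(der, pinned_fp):
                raise ssl.SSLError("peer certificate does not match the pin")
            return tls.version()
```

Hostname checking remains active in this sketch, so the self-signed certificate has to name the host it is served from.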