-----Original Message-----
From: Donald Stufft <donald@stufft.io>
Reply: Donald Stufft <donald@stufft.io>
Date: January 12, 2017 at 13:46:26
To: Cory Benfield <cory@lukasa.co.uk>
Cc: security-sig@python.org <security-sig@python.org>, Christian Heimes <christian@cheimes.de>
Subject: Re: [Security-sig] Unified TLS API for Python

On Jan 12, 2017, at 2:39 PM, Cory Benfield wrote:
I'm not even sure about the specific API we're using for SNI: I might just want to restrict it to emitting new certificates.
I am pro restricting the API, can always relax restrictions later.

Expanding APIs is always leagues easier than contracting them. Starting off with the minimum necessary API makes perfect sense. As needs are found that it cannot meet, then expanding it slowly and methodically will be easy and painless. In other words, +1 on keeping it small to start and restricting the API.

--
Ian Cordasco