[Python-Dev] Future of SSL

[Guido van Rossum]

> What I'd suggest for Python 2.2 is to *not* add any new features, like
> server-side SSL but only accept bugfixes for the current client-side
> code.

Sounds good to me.

> As the current implementation is broken and there is probably little SSL
> knowledge in the Python core team, I propose to "outsource" the problem:

Thanks!  We can sure use some help here.

> It should be possible to define a "Python SSL interface" that describes
> an API for SSL. The various modules in Python that use SSL (urllib,
> smtp, ...) would then be rewritten to use the new API. The
> socketmodule.c would be rewritten to use the new API instead.

I've just started digging in the socketmodule.c for a different
reason, and I propose to move all the SSL stuff to a separate file and
module.

> Then, wrappers could be written for the various SSL modules that wrap
> them into the new "Python SSL interface" API.

This is a good idea.  The DB API works like this.

> As for me, I'm not an expert in SSL, but I'd be willing to try
> coordinate the efforts, write a PEP, talk with the module maintainers
> and such.

But we do need *an* expert, don't we?  Maybe you can develop expertise
as you go?

> I'd be grateful to hear your opinions about this newbie proposal :-)

You don't sound much like a newbie. :-)

--Guido van Rossum (home page: http://www.python.org/~guido/)