[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 650] Changed - certificate handling

From: Peter Mathiasson <peter_at_mathiasson.nu>
Date: 2002-04-09 22:37:41 CEST

On Tue, Apr 09, 2002 at 11:20:57AM -0400, Greg Hudson wrote:
> On Tue, 2002-04-09 at 11:04, Kevin Pilch-Bisson wrote:
> > Sorry, I should have read the whole issue. I would say that only a small part
> > of the stuff mentioned in the issue needs to be done for alpha. Namely
> > caching the server certs or there fingerprints so that we can detect
> > man-in-the-middle attacks.
> Eh? This is not ssh. Either a certificate is signed by a chain leading
> to a trusted CA or it's not.
> I suppose you could cache self-signed certificates so that you'd know if
> you're getting the same one each time, but certificates do expire, so
> that's not especially valuble.

I use self-signed certificates, and send them to thoose who need them
through a trusted channel; phone or gpg signed email.

Saving certificate fingerprints, or even whole certificates is a must.
There should also be a way to pre-install certificates prior to the
first use.

I'm not saying this is an important issue for the time being, but
sometime in the future it should be implemented.

Peter Mathiasson, peter at mathiasson dot nu, http://www.mathiasson.nu
GPG Fingerprint: A9A7 F8F6 9821 F415 B066 77F1 7FF5 C2E6 7BF2 F228

  • application/pgp-signature attachment: stored
Received on Tue Apr 9 22:38:43 2002

This is an archived mail posted to the Subversion Dev mailing list.