On Aug 25, 2004, at 3:24 PM, kfogel@collab.net wrote:
> Paul Ossenbruggen <paul.ossenbruggen@convoii.net> writes:
>> Request:
>> That in a new version, in the not too distant future, that the auth
>> directory is encrypted by svn. I mean, it's really cool that we have
>> all these SSL capabilities in svn and this would be the last chink in
>> the armor.
>
> Encrypt it according to what key? A key that the user would then have
> to type in in order to decrypt the data? How inconvenient... Let's
> cache the key...
>
> You see where this leads.

It can lead to something entirely sensible like ssh-agent or AFS tokens.
The key is then cached in memory only (locked, non-pageable memory if
the OS allows for that).

That way
- users only have to occasionally type the password, which may be a
  huge improvement over typing it for every svn command
- if someone steals a machine (physical access compromise), unless they
  manage to compromise it without ever shutting it off or rebooting
  (software compromise w/o most advantages that a physical compromise
  usually grants), they will be unable to get the keys from memory (for
  most practical attackers).
- if someone compromises the disk backups, they don't get the keys.
  This is often a huge worry for security people.

The key may remain available in memory to the user indefinitely (until
memory is cleared via, e.g. reboot) or it may expire after a certain
amount of time similar to AFS tokens (this makes security people
happy).

A system like this is more complicated, but would have significant
advantages over what is currently available.

-Travis
Received on Thu Aug 26 00:20:37 2004
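
The in-memory cache described in the reply above, sketched as an added example (not part of the original message and not Subversion code): the key sits in a buffer pinned with POSIX `mlock()`, expires after a TTL, and is zeroed on expiry. The names `key_cache`, `cache_put`, `cache_get` and `cache_clear` are hypothetical, and the caller passes the current time explicitly.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <time.h>

#define KEY_MAX 64

/* Hypothetical single-slot key cache; lives only in process memory. */
static struct key_cache {
    unsigned char key[KEY_MAX];
    size_t len;
    time_t expires;  /* 0 means empty */
    int locked;      /* 1 once mlock() has pinned the pages */
} cache;

/* Zero through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

void cache_clear(void) {
    wipe(cache.key, sizeof cache.key);
    cache.len = 0;
    cache.expires = 0;
}

/* Cache key for ttl seconds. Returns 1 if the memory is locked
 * (non-pageable), 0 if mlock() was refused (the key is cached but
 * could be swapped to disk), -1 on a bad length. */
int cache_put(const unsigned char *key, size_t len, time_t now, time_t ttl) {
    if (len == 0 || len > KEY_MAX) return -1;
    if (!cache.locked && mlock(&cache, sizeof cache) == 0) cache.locked = 1;
    cache_clear();
    memcpy(cache.key, key, len);
    cache.len = len;
    cache.expires = now + ttl;
    return cache.locked;
}

/* Copy the key out if it has not expired; an expired key is wiped first. */
size_t cache_get(unsigned char *out, size_t outlen, time_t now) {
    if (cache.expires == 0) return 0;
    if (now >= cache.expires) { cache_clear(); return 0; }
    if (outlen < cache.len) return 0;
    memcpy(out, cache.key, cache.len);
    return cache.len;
}
```

`mlock()` can fail when the process exceeds `RLIMIT_MEMLOCK`, which is why `cache_put` reports whether the cache is actually pinned instead of treating the failure as fatal.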