[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 650] Changed - certificate handling

From: Kevin Pilch-Bisson <kevin_at_pilch-bisson.net>
Date: 2002-04-09 17:04:09 CEST

On Tue, Apr 09, 2002 at 09:07:25AM -0500, cmpilato@collab.net wrote:
> Kevin Pilch-Bisson <kevin@pilch-bisson.net> writes:
>
> > > + Given that SSL without certs earns us a CVS-matching encryption level,
> > > + assigning this a post-1.0 milestone.
> > >
> > This cert handling is required to use SSL properly. We need to be able to
> > verify that the server cert is valid. For example warn about self-signed
> > server certs, etc.
> >
> > Without this cert handling, SSL buys us no security whatsoever (well
> > not much at least).
>
> So what should the milestone be, 'alpha' (my remarks in the issue were
> based *entirely* on comments already in the issue) ?

Sorry, I should have read the whole issue. I would say that only a small part
of the stuff mentioned in the issue needs to be done for alpha. Namely
caching the server certs or there fingerprints so that we can detect
man-in-the-middle attacks. That's about the only thing we're missing compared
to CVS with an SSH tunnel. 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kevin Pilch-Bisson                    http://www.pilch-bisson.net
     "Historically speaking, the presences of wheels in Unix
     has never precluded their reinvention." - Larry Wall
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • application/pgp-signature attachment: stored
Received on Tue Apr 9 17:09:27 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.