Greg Stein <gstein@lyra.org> writes:
> I could also maintain that using certs would *simplify* things. No more need
> for system accounts or authorized_keys(2) or setting up CVS_RSH variables or
> any of that.
>
> Six of one, half-dozen of another...

1) I don't need to give people system accounts to allow them to access
CVS via ssh.
2) I need to run sshd anyway. A new program is more code to audit.
3) authorized_keys files are a lot easier to deal with than certs.

> Yes, people have SSH infrastructures set up. And obviating those will
> definitely play a part in using SVN. I would hope that most people will
> establish a private CA for their server and then issue certs for their
> users. The server can then say "only allow people with certs issued by me"
> rather than needing to track every single user and set of keys.

That's a great way to screw yourself. Consider just what happens when
you have to deal with revoking access. You need an online list of
authorized users anyway, at which point you need to track every single
user and tracking keys becomes a trivial extension.

Kohnfelder's undergraduate thesis on certificates has spawned more
evil than one could possibly imagine. The entire idea that you could
do off-line verification based on cert signings and revocation lists
reeks of "ill thought out idea produced to get a degree", and here it
is, over twenty years later, and people still haven't figured it
out. The marketplace has, of course -- look at what happened to Certco
and company -- but folks keep believing the snake oil.
--
Perry E. Metzger perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
Received on Tue Apr 16 17:37:40 2002