[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Client certificates.

From: Mark Welch <mark_at_collab.net>
Date: 2002-08-01 20:35:39 CEST

Pardon me for chiming in here, but I've been working on an SSL sleeve
for CVS for a while at Collab. So, while I'm coming up to speed on
subversion, this seems like a good point for me to jump into the discussion.

Daniel Berlin wrote:

> Which certs should be used.
> What CA's to trust is a seperate feature request (IE something else's
> job).
> :)
> We already have a callback, but we just say we trust everything.

If you're talking about supporting certificates and you take
certificates seriously, it is not "something else's job" to trust CA
certs. The problem here is the same as in web browsers -- you don't want
to force users to make a fundamental decision about trust, because they
will very likely get it wrong.

What I think this means in a practical sense is that it ought to be easy
for others (release engineers at companies using X.509 infrastructure,
for example) to rebuild svn installers on each platform with the CA
cert(s) they want to trust.

If there's a place where I can jump in and help with this, let me know.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Aug 1 20:36:30 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.