[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: connection establishment todo, secure transport, sasl temporary alternative

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: 2002-12-03 18:23:21 CET

As Garrett pointed out, ra_svn doesn't use Apache. And one of my goals
in writing ra_svn was to eventually support the full range of SASL
mechanisms, not the limited range of authentication options available
through HTTP. SSL and ssh may be good enough for 90% of the user
population, but there are krb5 sites (like my workplace), and SRP sites,
and OTP sites, and smartcard sites, and it would be nice if Subversion
could fit into those infrastructures.

Anyway, a goal of what's listed in todo is to make it impossible to use
plain-text passwords with ra_svn. If the client and server send a
secret, there is no good reason to compromise that secret by blatting it
over the network in the clear. Plain-text passwords over SSL is secure,
but openssl is not a mandatory dependency of Subversion.

I'm still a bit nervous about implementing a native username/password
mechanism at all (whether PLAIN or CRAM-MD5 or SRP), because it wouldn't
be possible for us to be file-format compatible with Cyrus-libsasl on
the server. So maybe the native code will only implement ANONYMOUS and
EXTERNAL (for EXTERNAL read "tunneled over ssh"), and you'll have to
link in libsasl for anything else.

(Once libsasl is integrated, SSL will be possible via the STARTTLS
mechanism.)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Dec 3 18:24:09 2002

This is an archived mail posted to the Subversion Dev mailing list.