Re: New auth system and hostname mismatch

From: mark benedetto king <mbk_at_boredom.org>
Date: 2003-04-22 14:58:43 CEST

On Tue, Apr 22, 2003 at 12:26:49PM +0100, Joe Orton wrote:
> On Tue, Apr 22, 2003 at 10:53:38PM +1200, Adam Warner wrote:
> > Enforcing this simply requires me to transfer ~US$500pa of wealth to a CA
> > so they can add *. to the certificate name. It provides zero extra
> > security for visitors than simply treating the certificate as wildcard in
> > the first place. Think about it.

Right. But I want to know that I'm connecting to https://mybank.com
and not https://disgruntled-employee.fleetbank.com.

> ra_dav/neon's server cert support is not yet finished: when SVN can
> cache certs (or fingerprints) after an initial "this cert, issued to X,
> is not trusted for reasons Y and Z" prompt, all these problems go away
> (along with the config options).
>

Yes; no need to manually configure what can simply be solved via
cert-cache.

--ben

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 22 14:59:39 2003

This message: [ Message body ]
Next message: A.G. van der Vlies: "Re: Help..... (fwd)"
Previous message: Ben Collins-Sussman: "Re: [Issue 1230] - dedicated 'svn export' editor"
In reply to: Joe Orton: "Re: New auth system and hostname mismatch"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]