On Wednesday 20 October 2004 22.17, Greg Hudson wrote:
> On Wed, 2004-10-20 at 09:34, Sigfred Håversen wrote:
>
> The issue is that old clients need to be able to access new servers.
> Whether to allow access (anonymous or not) without SSL is a policy
> issue, and shouldn't be hardcoded into our code base.
Understandable, but then I assume this policy will be an option either to
svnserve, or an option specified in the repo config file.
>
> > We could allow non-SSL access for anonymous users, but all other users
> > are required to use SSL. svnserve could send this in the greeting as a
> > new capability "ssl-auth", meaning that anonymous access may or may not
> > be encrypted at the discretion of the client.
>
> Capabilities should not be used to express policy, only what the server
> and client are capable of. If further negotiation is necessary, it
> needs to be done through some other aspect of the protocol--either a new
> field in the greeting, or an interchange before the SSL handshake.
Agreed.
...
> That model presents an issue for client certificate authentication,
> which needs to happen during an SSL handshake. Can we re-handshake
> during an authentication challenge?
Yes, it is possible to renegotiate to require the client to use a valid client
certificate.
...
>
> In another message:
> > If the certificate is specified in the repo config, then svnserve does
> > not know if it has a valid certificate when a client connects. All it
> > knows is that it can handle SSL, if needed. The more tricky part is to
> > handle the SSL handshake, and that probably requires more communication
> > between client and svnserve before actual SSL handshake.
>
> At least at a protocol level, SSL can be used without any certificates,
> in which case it provides confidentiality but no authentication. Can
> OpenSSL do this? It might actually be nice if, with no certificate
> configuration whatsoever, ra_svn clients and servers used
> Diffie-Hellman-protected communication, rendering casual network attacks
> impossible.
I'm not sure why one would run SSL enabled svnserve and not use a server
certificate. We could supply a script that the repo administrator could use
to make a certificate for use with svnserve. This is an approach done with
several other servers, like courier-imap.
/Sigfred
Received on Sat Oct 23 15:54:28 2004
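
The trade-off discussed above (SSL without certificates gives confidentiality but no authentication), as an added example that is not part of the original message or of Subversion's code: a toy Diffie-Hellman exchange showing that both ends agree on a key when the network is only listened to, that substituted public values go unnoticed without authentication, and that a pinned fingerprint (standing in for a server certificate) catches the substitution. The group parameters and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2**127 - 1.
# Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^x mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Hash the shared secret into a 256-bit session key."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    """Stand-in for a certificate: digest of the server's long-term public value."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def exchange(client, server, relay=None, pinned=None):
    """Run one key agreement; `relay`, if given, replaces both public values in transit.

    Returns (client_key, server_key). Raises ValueError when the client holds a
    pinned fingerprint and the public value it receives does not match it.
    """
    c_priv, c_pub = client
    s_priv, s_pub = server
    seen_by_client = relay[1] if relay else s_pub
    seen_by_server = relay[1] if relay else c_pub
    if pinned is not None and fingerprint(seen_by_client) != pinned:
        raise ValueError("server public value does not match pinned fingerprint")
    return session_key(c_priv, seen_by_client), session_key(s_priv, seen_by_server)

def demo():
    client, server, relay = keypair(), keypair(), keypair()
    passive = exchange(client, server)        # listener only: both keys agree
    active = exchange(client, server, relay)  # substituted values: keys differ
    # The relay can derive both session keys, and neither endpoint can tell.
    relay_keys = (session_key(relay[0], client[1]), session_key(relay[0], server[1]))
    try:
        exchange(client, server, relay, pinned=fingerprint(server[1]))
        detected = False
    except ValueError:
        detected = True  # authentication of the server value exposes the relay
    return passive, active, relay_keys, detected
```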