On Sat, 2004-10-23 at 09:53, Sigfred Håversen wrote:
> I'm not sure why one would run SSL enabled svnserve and not use a server
> certificate.
People won't always actively make a choice to run an svnserve built with
SSL support. Typically they'll be using whatever a binary packager
built for them. If we can make the default communication between
svnserve and clients more secure, we should at least consider it.
> We could supply a script that the repo administrator could use
> to make a certificate for use with svnserve. This is an approach done with
> several other servers, like courier-imap.
Then you have to get the certificate to the clients (if a client simply
accepts what the server presents over the ra_svn connection, that's no
better than D-H). We're never going to accomplish true security without
some out-of-band work on the part of the administrator, and many
administrators aren't going to go to that work. So it's always worth
considering what we can do in the keyless case.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 23 17:50:57 2004