[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] SSL layer for svnserve

From: Sigfred Håversen <bsdlist_at_mumak.com>
Date: 2004-10-23 20:47:45 CEST

On Saturday 23 October 2004 17.50, Greg Hudson wrote:
> On Sat, 2004-10-23 at 09:53, Sigfred Håversen wrote:
> > I'm not sure why one would run SSL enabled svnserve and not use a server
> > certificate.
>
> People won't always actively make a choice to run an svnserve built with
> SSL support. Typically they'll be using whatever a binary packager
> built for them. If we can make the default communication between
> svnserve and clients more secure, we should at least consider it.
>
> > We could supply a script that the repo administrator could use
> > to make a certificate for use with svnserve. This is an approach done
> > with several other servers, like courier-imap.
>
> Then you have to get the certificate to the clients (if a client simply
> accepts what the server presents over the ra_svn connection, that's no
> better than D-H). We're never going to accomplish true security without
> some out-of-band work on the part of the administrator, and many
> administrators aren't going to go to that work. So it's always worth
> considering what we can do in the keyless case.
>

I'm concerned that we have always to consider two cases of SSL usage in the
source code : with or without server certificate, along with corresponding
cases in clients.

If we could make it easy to the repo administrator to start using SSL with
certificates, it will help security, even if it's not as automatic as in your
proposal. For instance, "svnadmin create" can automatically make a
self-signed certificate that is placed in the repo config directory. These
pre-made certificates can now be used by svnserve. Granted, most client users
will just accept this certificate, and not verify the certificate
fingerprint. The repo administrators that care about this, will have made
their certificate fingerprint available out-of-band, even if it's just
posting the fingerprint on a html page.

/Sigfred

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Oct 23 20:48:12 2004

This is an archived mail posted to the Subversion Dev mailing list.