On Mon, 2006-02-27 at 19:37 -0600, Ben Collins-Sussman wrote:
> * He heavily
> recommends we take a look at it, that it's much better than
> svnserve's CRAM-MD5.

The cram-md5 code is there because it's (1) implementable in a very
small amount of code, and (2) a defined SASL mechanism. I have no
illusions that it has good authentication properties, except that an
attacker listening to the network would have a very difficult time
recovering the password.

I don't want to see us adding more original authentication code to
svnserve, particularly if it's not a defined SASL mechanism. Instead, I
want someone to write code to link ra_svn and svnserve against a SASL
library which will do all this work for us. We know there are some
issues there, and it's not an easy bit of glue to write, but more
homegrown crypto does not seem like the answer.
Received on Thu Mar 2 19:05:42 2006
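
Added example, not part of the original message and not svnserve's code: a sketch of the CRAM-MD5 exchange as defined in RFC 2195, showing that only a one-time challenge and an HMAC-MD5 digest cross the network, while the server has to hold the shared secret itself to verify it. The function names and the in-memory user table are assumptions; the sample user, secret and challenge are the ones from the RFC 2195 example.

```python
import hashlib
import hmac
import secrets
import time


def make_challenge(hostname):
    """Server: build a fresh, never-reused challenge in msg-id form."""
    return "<%d.%d@%s>" % (secrets.randbits(64), int(time.time()), hostname)


def cram_md5_digest(secret, challenge):
    """HMAC-MD5 keyed with the shared secret, computed over the challenge."""
    return hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(user, secret, challenge):
    """Client: only the user name and the digest are sent, never the secret."""
    return "%s %s" % (user, cram_md5_digest(secret, challenge))


def server_verify(user_db, challenge, response):
    """Server: recompute the digest from the stored secret; return user or None."""
    user, _, digest = response.rpartition(" ")
    secret = user_db.get(user)
    if secret is None:
        return None
    expected = cram_md5_digest(secret, challenge)
    # Constant-time comparison so the check does not leak digest prefixes.
    if hmac.compare_digest(expected.encode(), digest.lower().encode()):
        return user
    return None


if __name__ == "__main__":
    # Hypothetical user table; the server must store the secret (or an
    # equivalent) in recoverable form to recompute the digest.
    user_db = {"tim": "tanstaaftanstaaf"}
    challenge = "<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample
    response = client_response("tim", "tanstaaftanstaaf", challenge)
    print("S:", challenge)
    print("C:", response)
    print("accepted:", server_verify(user_db, challenge, response))
    # A captured response is useless against a different challenge.
    print("replayed:", server_verify(user_db, make_challenge("example.org"), response))
```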