[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Cache ssl client certificate passphrases

From: Mark Phippard <markphip_at_gmail.com>
Date: Fri, 9 May 2008 21:09:15 -0400

On Fri, May 9, 2008 at 8:29 PM, Branko ╚ibej <brane_at_xbc.nu> wrote:
> Mark Phippard wrote:
>>
>> Why would you object to
>> moving this into our password storage area, which on Windows and OSX
>> is very secure?
>
> Tut, tut. Read the patch again. It doesn't try to integrate with the
> Keychain/CryptAPI stores -- likely because they're too specific to the
> password rather than passphrase workflow.

Thank you! Finally, someone has identified the disconnect here. I
agree if it is storing plain text passphrase this has a lot less
value. When I asked Senthil to work on this patch, the whole point
was to leverage this encryption. So it sounds like we need to go back
and look at this more. That must have also been the API suggestion
you made in your initial comment.

Before we do that, it would be good to get acknowledgment from Joe and
anyone else that was against this patch to see if they would be in
favor of it if it was using our crypto facilities to store the
passphrase.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2008-05-10 03:09:30 CEST

This is an archived mail posted to the Subversion Dev mailing list.