Re: Is the svn:// protocol secure when encrypted via SASL?

I tried to capture the traffic with Wireshark, but it appears that everything is compressed over the wire anyway... so I can't tell if I'm looking at just compressed data, or compressed+encrypted data.

---
 - Keith Palmer
   ConsoliBYTE, LLC
   Ask for a quote! - QuickBooks Integration and Software Development
   keith_at_ConsoliBYTE.com
   1-860-341-1464
   http://www.ConsoliBYTE.com/
   Follow us on Twitter at: https://twitter.com/consolibyte
   AIM: consolibyte
   MSN: support_at_consolibyte.com
   Yahoo: consolibyte_at_yahoo.com
   Gtalk: consolibyte
   Skype: consolibyte
On Feb 15, 2011, at 4:21 PM, Mark Phippard wrote:
> On Tue, Feb 15, 2011 at 4:11 PM, Keith Palmer Jr. <keith_at_consolibyte.com> wrote:
>> 
>> We'd like to use the svn:// protocol to check out some code over a WAN, but we want to make sure that the code isn't traveling over the WAN in plain-text.
>> 
>> If we set up the repo to require min-compression 128 via SASL, does that encrypt *just the authentication* or does that *encrypt the actual data transfer* too?
>> 
>> 
>> I've asked just about everywhere else and can't seem to get a straight answer out of anyone- some people say yes, some people say no.
> 
> Capture a small checkout using Wireshark and see for yourself.
> 
> Reading this file:
> 
> http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt
> 
> And the Known Issues regarding TLS.  It almost sounds like the login
> process is a plain text conversation, although with DIGEST-MD5 perhaps
> still relatively secure, and then only after you have authenticated it
> can encrypt the data?
> 
> I think you would want to capture the traffic to see for yourself.  Or
> use something like SSH or https and not have any doubts.
> 
> -- 
> Thanks
> 
> Mark Phippard
> http://markphip.blogspot.com/