Re: Problem with SSL auth with preshared certs E120171

From: Ron Wilson <ronw.mrmx_at_gmail.com>
Date: Fri, 17 Jan 2014 18:23:47 -0500

On Fri, Jan 17, 2014 at 3:14 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:

> First: do not use preshared key authentication. Just don't.
> http://technet.microsoft.com/en-us/library/cc782582%28v=WS.10%29.aspx
>

Very true.

What would work is for both sides to have the other side's public
certificate. Since
public certs are already "public", you would not be leaking security
information.
This reduces the possibility of receiving a forged public certificate.

(FYI, the above is simplified for clarity. If you are interested in a
detailed
explanation, the OpenSSL website has that and much more.)

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3071744

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2014-01-18 00:23:58 CET

This message: [ Message body ]
Next message: Simon D Morris: "Re: Problem with SSL auth with preshared certs E120171"
Previous message: kloertscher_at_ups.com: "Tree conflict"
In reply to: Stefan Küng: "Re: Problem with SSL auth with preshared certs E120171"
Next in thread: Simon D Morris: "Re: Problem with SSL auth with preshared certs E120171"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]