[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Secure svnserve?

From: Branko Čibej <brane_at_apache.org>
Date: Fri, 25 Nov 2016 11:35:33 +0100

On 25.11.2016 11:29, Olaf van der Spek wrote:
> On Fri, Nov 25, 2016 at 11:20 AM, Branko Čibej <brane_at_apache.org> wrote:
>> On 25.11.2016 11:11, Olaf van der Spek wrote:
>>> Wouldn't it be good if svnserve supported encryption directly?
>> It would be a moderately nice-to-have feature, but given that stunnel
>> exists, it's not necessary. In fact, it's better not to reinvent
>> security features that are available in existing, mature software.
> Using TLS isn't exactly reinventing security features is it?

"Using TLS" isn't a security feature. Secure private key management,
server certificate verification including OCSP/CRL, perfect forward
secrecy etc. etc. are ... and they don't come for free just by linking
OpenSSL into an application. There's plenty of room for bugs in the
implementation.

-- Brane
Received on 2016-11-25 11:35:36 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.