[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?

From: Pierre Fourès <pierre.foures_at_gmail.com>
Date: Fri, 26 Jul 2019 22:21:38 +0200

Le sam. 20 juil. 2019 à 20:54, Daniel Shahaf <d.s_at_daniel.shahaf.name> a écrit :
>
> Stefan Sperling wrote on Sat, 20 Jul 2019 09:51 +00:00:
> > But as a user I find it infuriating when software I use contains
> > artificial restrictions like this. We should assume our users know
> > what they are doing. Subversion is not a web browser.
>
> I'm not entirely sure I'm convinced by this logic. Let's take OpenSSH for example:
>
> [[[
> % ed .ssh/known_hosts
> g/^hermes/d
> s/^[^ ]*/hermes.apache.org/
> w
> q
> % ssh hermes.apache.org
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:gJUlDrKOTnUQ/lAx6eM4Ylq6z/5ere2tJoLEgrfM++A.
> Please contact your system administrator.
> Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this message.
> Offending ECDSA key in /home/daniel/.ssh/known_hosts:26
> remove with:
> ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R hermes.apache.org
> ECDSA host key for hermes.apache.org has changed and you have requested strict checking.
> Host key verification failed.
> zsh: exit 255 ssh hermes.apache.org
> ]]]
>
> The error message does not give a way to continue the operation, but it
> does tell you what command to run if you would like to proceed anyway.
> This way, the buck stops with the user, but the program makes it quite
> clear that this is an abnormal situation and caution should be
> exercised.
>
> Should we do something similar (but without the all-caps? That's why
> I proposed writing a command that takes a certificate on stdin and marks
> it as trusted.
>
> Daniel

From a user perspective, I would also appreciate to be able to take my
responsibilities to accept unsafe operations. Having the choice to can
accept permanently the certificate, and then getting a special warning
message to confirm I really know what I do, because there is unknown
errors reported, would definitively help to report the responsibilities on
the users while let him/her chose to take (or not) the said responsibilities.

Best Regards,
Pierre.
Received on 2019-07-26 22:22:17 CEST

This is an archived mail posted to the Subversion Users mailing list.