From users-return-3638-daniel=haxx.se@subversion.apache.org Fri Jul 9 16:55:55 2010 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on giant.haxx.se X-Spam-Level: X-Spam-Status: No, score=-1.5 required=3.0 tests=BAYES_00,FREEMAIL_FROM, T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1 Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by giant.haxx.se (8.14.3/8.14.3/Debian-9.1) with SMTP id o69EtsSO003662 for ; Fri, 9 Jul 2010 16:55:55 +0200 Received: (qmail 67564 invoked by uid 500); 9 Jul 2010 14:55:46 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 67557 invoked by uid 99); 9 Jul 2010 14:55:45 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jul 2010 14:55:45 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS Received-SPF: pass (nike.apache.org: domain of nkadel@gmail.com designates 209.85.212.43 as permitted sender) Received: from [209.85.212.43] (HELO mail-vw0-f43.google.com) (209.85.212.43) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jul 2010 14:55:39 +0000 Received: by vws4 with SMTP id 4so3146402vws.16 for ; Fri, 09 Jul 2010 07:54:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=pvm3MUjKbw9Cpwv/s3dK4CbIM0xP7ky0JAiNw1Afz4Q=; b=mrHyP9VZKGQlEzwHnm2nQvDCAtbzRsTSkXVUFeNusSXZa+v36Pp4BPmuqey/Z1NhPj ZKhNxyWFQGek1u8XdJSRWuoYRzu/qaiKPzvDRvA4kRPZydSmaLR9bd8QOd1qrrzpGPxs 5DwgONNmYR6adrIcp+9ENtIdaThSLYS/rc0Rs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=CWfXHsr+RIBsiWL2upp4qYZVNiYsquyFvYCkKLUZAP115/AvHSWU0jIOeIeZqXvmpl ze4xhVtn5ikW/HLidP76R90sY/33Ow66okmbzow1S/4kuiDtbZ2rSuspZiyxQlXW/aDn hyvHQdpbF0IZD21OQ4UC+wJo4FlNF51Aif/3M= MIME-Version: 1.0 Received: by 10.220.125.16 with SMTP id w16mr5268017vcr.84.1278687258766; Fri, 09 Jul 2010 07:54:18 -0700 (PDT) Received: by 10.220.166.206 with HTTP; Fri, 9 Jul 2010 07:54:18 -0700 (PDT) In-Reply-To: <20100709023127.GC14538@daffy.research.stellent.com> References: <1E7D8B9109FF2A47AE8EF6E461B63CC1015925BC00E9@SECMELMBS01.securency.com> <20100709023127.GC14538@daffy.research.stellent.com> Date: Fri, 9 Jul 2010 10:54:18 -0400 Message-ID: Subject: Re: How to choose between svn & http? From: Nico Kadel-Garcia To: Alec Kloss Cc: David Brodbeck , users@subversion.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.3.5 (giant.haxx.se [80.67.6.50]); Fri, 09 Jul 2010 16:55:55 +0200 (CEST) X-Friend: Nope On Thu, Jul 8, 2010 at 10:31 PM, Alec Kloss wrote: > On 2010-07-08 17:04, David Brodbeck wrote: >> >> On Jul 8, 2010, at 4:49 PM, Nico Kadel-Garcia wrote: >> > A local comparison is often best, especially when operating over HTTPS >> > or svn+ssh for security reasons: Because of the continuing storage of >> > HTTP/HTTPS/svn/SSH passwords in clear-text by the UNIX or Linux >> > versions of Subversion, I don't trust anything but the svn+ssh public >> > key based access for public use. Unfortunately, this does cause a >> > noticeable performance hit. >> >> It's worth pointing out that the private key has to have a passphrase, f= or this to be a security improvement. Otherwise all you've accomplished is = to leave the password-equivalent in ~/.ssh instead of in ~/.svn. ;) =A0I me= ntion this only because a lot of the applications for SSH public keys invol= ve passwordless login. >> > [chop] > > I feel a little like a broken record, but... > > using GSSAPI (or Negotiate for HTTPS) substantially reduces the security > issues by integrating authentication into the rest of a managed > single-sign-on system. =A0GSSAPI/Negotiate also has the feature of workin= g > in all four remote access protocols for Subversion. =A0The downside is > difficulty in configuration and poor support in some (or many or perhaps > all) binary distributions of Subversion. =A0I have to admit, I don't thin= k > very highly of ssh public-key authentication; =A0I have a hard time > believing very many users or administrators carefully protect, rotate, > and revoke RSA keys in a timely manner, which seems to me to > substantially reduce the security of ssh public-key "infrastructure". It's a longstanding problem. Much as Subversion on UNIX and Linux, by default, allows the plaintext saving of passwords, the SSH key management tools allow the saving of passphrase free keys. GSSAPI is cool. It does take more setup work, and the default versions of OpenSSH on many industry standard releases do not support it, nor does the "stable" release of Putty. Various development versions do permit this, but then the setup has to play well with the ownership of the files on the server (which svn+ssh does by using a single designated user) or for shared account access, the setting of the correct username for logging (which svn+ssh key management does by setting svnserve command line options).