subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Phippard <markp...@gmail.com>
Subject Re: svn+ssh long-lived daemon
Date Fri, 20 Nov 2015 14:20:49 GMT
I've always felt the same, but now that I've used SSH more (with Git) I
kind of question it.

Are HTTP client certs much better than passwords?  The cert itself still
has to be physically secured and if you protect the cert with a passphrase
then you have all of the same cache problems that passwords do.

With SSH there is infrastructure like ssh-agent that just does not exist
for HTTP.

Mark



On Fri, Nov 20, 2015 at 9:16 AM, Bert Huijben <bert@qqmail.nl> wrote:

> With the right tooling both operations should be equivalent. Perhaps it is
> easier to spend time on that.
>
>
>
> Bert
>
>
>
> Sent from Outlook Mail <http://go.microsoft.com/fwlink/?LinkId=550987>
> for Windows 10 phone
>
>
>
>
>
>
> *From: *Philip Martin
> *Sent: *vrijdag 20 november 2015 12:21
> *To: *Ivan Zhakov
> *Cc: *Daniel Shahaf;dev@subversion.apache.org
> *Subject: *Re: svn+ssh long-lived daemon
>
>
>
>
>
> Ivan Zhakov <ivan@visualsvn.com> writes:
>
>
>
> > 5. HTTPS authentication using client certificates
>
>
>
> Client certificates are a possibility.  There are some drawbacks: the
>
> signing authority has to be maintained, revoking a certificate is more
>
> complicated than removing a key from the authorized_keys file.
>
>
>
> --
>
> Philip Martin
>
> WANdisco
>
>
>
>
>



-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/

Mime
View raw message