subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Fourès <pierre.fou...@gmail.com>
Subject Re: Is Permanently Accept SSL Certificate gone in 1.10.4 ?
Date Fri, 26 Jul 2019 20:21:38 GMT
Le sam. 20 juil. 2019 à 20:54, Daniel Shahaf <d.s@daniel.shahaf.name> a écrit :
>
> Stefan Sperling wrote on Sat, 20 Jul 2019 09:51 +00:00:
> > But as a user I find it infuriating when software I use contains
> > artificial restrictions like this. We should assume our users know
> > what they are doing. Subversion is not a web browser.
>
> I'm not entirely sure I'm convinced by this logic.  Let's take OpenSSH for example:
>
> [[[
> % ed .ssh/known_hosts
> g/^hermes/d
> s/^[^ ]*/hermes.apache.org/
> w
> q
> % ssh hermes.apache.org
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that a host key has just been changed.
> The fingerprint for the ECDSA key sent by the remote host is
> SHA256:gJUlDrKOTnUQ/lAx6eM4Ylq6z/5ere2tJoLEgrfM++A.
> Please contact your system administrator.
> Add correct host key in /home/daniel/.ssh/known_hosts to get rid of this message.
> Offending ECDSA key in /home/daniel/.ssh/known_hosts:26
>   remove with:
>   ssh-keygen -f "/home/daniel/.ssh/known_hosts" -R hermes.apache.org
> ECDSA host key for hermes.apache.org has changed and you have requested strict checking.
> Host key verification failed.
> zsh: exit 255   ssh hermes.apache.org
> ]]]
>
> The error message does not give a way to continue the operation, but it
> does tell you what command to run if you would like to proceed anyway.
> This way, the buck stops with the user, but the program makes it quite
> clear that this is an abnormal situation and caution should be
> exercised.
>
> Should we do something similar (but without the all-caps?  That's why
> I proposed writing a command that takes a certificate on stdin and marks
> it as trusted.
>
> Daniel

>From a user perspective, I would also appreciate to be able to take my
responsibilities to accept unsafe operations. Having the choice to can
accept permanently the certificate, and then getting a special warning
message to confirm I really know what I do, because there is unknown
errors reported, would definitively help to report the responsibilities on
the users while let him/her chose to take (or not) the said responsibilities.

Best Regards,
Pierre.

Mime
View raw message