On 20 November 2015 at 17:20, Mark Phippard <[email protected]> wrote: > I've always felt the same, but now that I've used SSH more (with Git) I kind > of question it. > > Are HTTP client certs much better than passwords? The cert itself still has > to be physically secured and if you protect the cert with a passphrase then > you have all of the same cache problems that passwords do. > HTTP client certs a slightly better than passwords because evildoer cannot intercept password over the wire. But on the other hand connection is already encrypted so even plain-text password is not big problem.
-- Ivan Zhakov
