rahul wrote: > (*)Yes, and the best way is not self-evident in most cases either. In this > case, we would be forcing the administrator to setup two listeners one > secure and the other non secure even in cases where it is not really > useful like a local lan. (Setting up an ssl listener is much more complex > than setting up a simple http listener.)
It doesn't have to be and isn't in many cases. It is also very wrong to take the "local lan" stance to security. In fact in a lot of peoples work environments the "local lan" is actually the most vulernerable place of all. Consider that when sitting in a coffee house using free wifi your "local lan" is completely untrustworthy. So please don't try and argue for weak authentication based on "local lan". > We should not be adding more complexity to the most basic use case, and > should let the administrator decide what is necessary when. We should also be protecting the *user* from sending authentication information in the clear when it doesn't have to be. You aren't just protecting the user but protecting the repository. Given that the whole point of this CR is to add authentication there is an assumption that someone actually cares about the integrity of what is in the repository, so they should care about wither the authentication can easily be spoofed, hijacked and replayed. > | I disagree I don't ever want to see clear text creds go over the wire > | and in my opinion it is as much the clients responsibility as the servers. > | > | For example SSH doesn't work that way and its standard too. > That is a tautology :) > > ssh does not distinguish between credentials or other data. Yes it does (I was the editor of the RFCs in the IETF working group for a while so I know the protocol pretty well) > Are there any standards that switches between non tls and tls for auth? Depends what you mean by "switches". If you look at what some websites do they use https for the GET and POST of the page that requests and sends user credentials and http for the actual data. > Most let the administrator decide: > imap, webdav/http, pop3, ftp, svn, irc, telnet ... etc. Don't push on to the admin choices about security that the developer can make instead. -- Darren J Moffat _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
