> No. Or actually, unlikely. When using client certificates (really, > mutually authenticated SSL), you typically have a password for your > private key. And typically software that deals mainly with security will > be very careful with how it uses passwords. So, the password to unlock > the private key will not be stored in clear text, and can be handled > securely.
I should point out that I have actually not looked at how svn clients handle https and client certs. If it turns out they store your private key password in clear text, then pje is right and this is (almost) a moot point. You'd still gain: no password on the server. -- Heikki Toivonen
signature.asc
Description: OpenPGP digital signature
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Open Source Applications Foundation "Dev" mailing list http://lists.osafoundation.org/mailman/listinfo/dev
