On Sep 5, 2010, at 23:26, Al Dimond wrote:
According to this page:
http://code.google.com/p/support/wiki/SubversionFAQ#What_does_%22use_the_fingerprint_to_validate_the_certificate
The SSL certificate for SVN checkouts should be:
4B:3A:10:4F:B1:C4:2C:24:B8:F3:AB:80:15:87:D7:E7:9F:DB:48:48
I get this instead:
85:78:89:4d:68:6b:75:33:f9:21:fb:b6:de:7d:e6:0e:70:1f:98:04
Does the page need to be updated, or am I getting MITM'd?
Since I asked myself on August 9, I've seen the cert fingerprint flip
back and forth between these two several times, and once to a
completely different fingerprint. Either there really is a MITM
attack, or there are two different servers which aren't configured
identically.
I would really appreciate the FAQ being updated to explain this other
fingerprint. Unexplained but “normal” fingerprint changes are a great
way to train users to ignore the security benefits of fingerprint
checking.
--
Kevin Reid <http://switchb.org/kpreid/>
--
You received this message because you are subscribed to the Google Groups "Project
Hosting on Google Code" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-code-hosting?hl=en.
