[ On Tuesday, June 6, 2000 at 16:02:17 (-0400), Noel L Yap wrote: ]
> Subject: Re: SRP implementation in CVS
>
> On one hand I'd like to keep CVS minimal. OTOH, I'd like to minimize the
> involvement of sysadmins. Perhaps SSH or a cvs wrapper /is/ solution to both
> problems (eg have read-only users SSH into one read-only CVS account in which
> they can only do "cvs server" or have something else do the authentication).
> I'm not completely convinced yet; I'll have to analyze it a bit more.
So long as any wrapper system that doesn't use system accounts is kept
completely separate from CVS it'll be hard to blame CVS for the lack of
accountability such a system inherently introduces... :-)
> Also, from what I've read of SRP, it does prevent MITM attacks even though the
> protocol doesn't encrypt what goes on the wire. In the end, the user and host
> share a common session key but anyone eavesdropping can't derive that session
> key nor will they ever catch the key since it's never transmitted.
Such MITM attacks are only prevented during the authentication phase.
Once the authorised connection is up and running it's ripe for theft for
other disruption.
SRP might have stronger authentication than SSH does by default, but SSH
has far superior transport integrity and confidentiality by default.
--
Greg A. Woods
+1 416 218-0098 VE3TCP <[EMAIL PROTECTED]> <robohack!woods>
Planix, Inc. <[EMAIL PROTECTED]>; Secrets of the Weird <[EMAIL PROTECTED]>
