>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:
NLY> Has anyone thought of implementing SRP in CVS? FYI, SRP stands for
NLY> Secure Remote Password. The protocol enables password authentication
NLY> without sending passwords through the wire either in plaintext or
NLY> encrypted. I'm thinking this protocol, coupled with cookie (ie
NLY> .cvspass) aging, would greatly increase the security of pserver.
http://alexm.here.ru/cvs-nserver/ architecture allows for very simple
SSLizing of CVS-pserver. The problem (if that is the problem) is to find
somebody who will write cvs-sslserver and SSLize the client.
(I hope that no one will ever propose using something different from
SSL/TLS? ;)
And yes, SSL support is greatly needed.
dash dash tragedy
