>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:
NLY> Yes, I should've been more specific as to what part of CVS would be
NLY> affected. To clarify the proposal, "cvs login" would be changed to
NLY> use the SRP protocol.
no. SSL is used to assure that yes, client.developer.com talks to yes,
cvs.megacorp.com, and does it securely. cvs-sslserver sets up SSL
connection with cvs-client. Then the password goes over the encrypted wire
and authentication module on server side fires up. Upon successful
authentication "cvs pserver" starts communicating with cvs client.
NLY> I'm starting to think this would bloat CVS
NLY> since it would introduce some encryption algorithms.
No, cvs-nserver scheme will just require to write cvs-sslserver (separate
binary) and SSL hooks in client (I've seen SSL support in fetchmail,
sendmail and qmail and it is not bloated, if you fear of it).
dash dash tragedy
