On Thu, Sep 4, 2014 at 1:04 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Record the URL of the intended recipient for a push (after > anonymizing it if it has authentication material) on a new "pushee > URL" header. Because the networking configuration (SSH-tunnels, > proxies, etc.) on the pushing user's side varies, the receiving > repository may not know the single canonical URL all the pushing > users would refer it as (besides, many sites allow pushing over > ssh://host/path and https://host/path protocols to the same > repository but with different local part of the path). So this > value may not be reliably used for replay-attack prevention > purposes, but this will still serve as a human readable hint to > identify the repository the certificate refers to. Well, a push cert validator could require the pushee use specific URL(s) known to it. The server operator knows their URL space and could just demand that users use ssh://host/path and https://host/path and nothing fancy like aliases in ~/.ssh/config. But I think you are right to punt on that and let the cert validator hook written by the server operator to decide if pushee should be verified. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html