On Tue, 28 August 2007, Petr Baudis wrote:
> On Tue, Aug 28, 2007 at 01:16:00AM CEST, Jakub Narebski wrote:
>>
>> I like gits:// idea for "git over TLS", and I'm against "tls://". I wonder
>> if it would be hard to implement "git over TLS"? We could resurrect patch
>> which allowed push over git protocol, only restricting pushing to gits
>> protocol.
>
> How well can TLS help you with authentication? The encryption part of
> ssh is really just minor for most of the uses (especially if you use ssh
> just for pushing), authentication is the main reason we use it.

From http://en.wikipedia.org/wiki/Transport_Secure_Layer
(emphasis in the form of capital letters mine)

  TLS provides endpoint authentication and communications privacy over
  the Internet using cryptography. Typically, only the server is
  authenticated (i.e., its identity is ensured) while the client remains
  unauthenticated; this means that the end user (whether an individual
  or an application, such as a Web browser) can be sure with whom they
  are communicating. The next level of security—in which both ends of
  the "conversation" are sure with whom they are communicating—is known
  as _MUTUAL AUTHENTICATION_. Mutual authentication requires public key
  infrastructure (PKI) deployment to clients unless TLS-PSK or TLS-SRP
  are used, which provide strong mutual authentication without needing
  to deploy a PKI.

See also SMTPS; it surely uses client authentication, but I don't know
if it is TLS or SMTP authentication.

-- 
Jakub Narebski
Poland