Rick van Rein <rick@xxxxxxxxxxxxxxx> writes:

> SASL assumes that the endpoints can hold state and progress through any
> challenge/response exchange, in multiple steps if needed. This is not
> trivial with stateless HTTP, but we fixed it with a "s2s" argument which
> can hold the (datestamped, signed, encrypted) state on the server side.

That's nice to know, and its applications below do look useful, at
least to me.

> A few mechanisms that spring to mind as useful with Git over HTTP-SASL are
>
> - Kerberos / GSS-API, desirable for companies using its single sign-on
> - FIDO, currently being added to SASL to benefit all protocols
> - OPAQUE, a very modern crypto, developed in IETF now
> - SXOVER-PLUS, our own work that calls back to a user's domain for login
>   (so no server-stored credentials needed, only access control)
>
> I'm curious if this would indeed be considered an improvement to Git.
>
> Cheers,
> -Rick