Re: login failure on WindowsNT

info-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: login failure on WindowsNT

From:	Rich Salz
Subject:	Re: login failure on WindowsNT
Date:	Tue, 17 Oct 2000 14:56:29 -0400

> Then cvs:// could mean connect to port 2401 and ask
> what authentication methods are valid.  The server would respond with a list 
> and
> the client would use whatever it thinks is the most secure to authenticate 
> and set
> up an encryption stream.

Oooh, no, you *DON'T* want to do that -- it's a classic "man in the
middle" attack.  I can sit between you and the server and force you to
downgrade to a lower security level.  Early SSL had this problem. 
Designing security protocols is hard.  Recommend we stick to one hard
problem (source control) here.
        /r$

[Prev in Thread]

Current Thread

[Next in Thread]

Re: login failure on WindowsNT, (continued)
- RE: login failure on WindowsNT, John Scott - Outlook, 2000/10/12
  - Re: login failure on WindowsNT, Derek R. Price, 2000/10/12
- Re: login failure on WindowsNT, Derek R. Price, 2000/10/12
- Re: login failure on WindowsNT, Derek R. Price, 2000/10/12
- Re: login failure on WindowsNT, rsalz, 2000/10/12
  - Re: login failure on WindowsNT, Derek R. Price, 2000/10/17
    - Re: login failure on WindowsNT, Rich Salz <=
    - Re: login failure on WindowsNT, Derek R. Price, 2000/10/17

Prev by Date: Re: login failure on WindowsNT
Next by Date: cvsweb patch for ro annotate
Previous by thread: Re: login failure on WindowsNT
Next by thread: Re: login failure on WindowsNT
Index(es):
- Date
- Thread