Re: [RFC] Authenticate push via PGP signature, not SSH

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Johannes Sixt

Subject: Re: [RFC] Authenticate push via PGP signature, not SSH

Date: Wednesday, January 30, 2008 - 1:00 am

Shawn O. Pearce schrieb:
quoted text> I'm currently finishing a side-band-64k protocol extension to the
> send-pack/receive-pack pair.  My next task after I flush those
> RFC patches out to the list tonight will be to prototype at least
> some of the auth1 extension I described.

I propose to make the syntax of the extension

server capability:  auth=<list of hash methods>:<challenge>
client response:    auth=<chosen hash method>

where <challenge> is a random sequence of non-blank ASCII text, not
necessarily of a fixed length, but perhaps of a minimum length.

Then we can extend the list of hash algorithms (that are used for
authentication purposes) if people think that SHA1 is not secure enough:

    auth=SHA1,SHA256:random-stuff-goes-here

I'm not a security expert, so take this with a grain of salt.

-- Hannes
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Sun Jan 27, 9:12 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Mon Jan 28, 1:12 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Pierre Habouzit, (Mon Jan 28, 1:48 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Jan Hudec, (Mon Jan 28, 2:06 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Mon Jan 28, 2:58 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Mon Jan 28, 7:57 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Mon Jan 28, 9:10 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Pierre Habouzit, (Tue Jan 29, 12:08 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Tue Jan 29, 9:22 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Tue Jan 29, 10:55 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Tue Jan 29, 11:16 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Tue Jan 29, 11:29 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Wed Jan 30, 12:47 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Johannes Sixt, (Wed Jan 30, 1:00 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Pierre Habouzit, (Wed Jan 30, 1:33 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Pierre Habouzit, (Wed Jan 30, 1:35 am)

Re: [RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Wed Jan 30, 1:22 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Sam Vilain, (Wed Jan 30, 6:18 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Wed Jan 30, 9:30 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Shawn O. Pearce, (Wed Jan 30, 10:43 pm)

Re: [RFC] Authenticate push via PGP signature, not SSH, Pierre Habouzit, (Thu Jan 31, 2:25 am)


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash