On 21.11.2014 16:05, Schulz, Gunther wrote: > > - strangely I was asked if I want to store the hostkey > certificate which worked seemlessly >
The server certificate does not contain any passwords or private keys, and anyone can download it simply by creating an SSL connection to your server (with 'openssl s_client', for example). So it's not considered insecure to store that on disk, unencrypted. There is a possible attack vector through that: Since Subversion was told to trust the stored certificate, one can imagine a situation where an attacker (a) subverts IP routing and/or DNS to redirect your connections to their own server, with a different certificate; (b) breaks in to your, and (c) every other, client machine to change their stored server certs. However, at least (c) unlikely. OTOH, since "unlikely" is not the same as "can't happen", we should perhaps consider not storing the server cert, too, if plaintext password storage is disabled. -- Brane P.S.: Compare the above scenario with the far more simple and likely one where the attacker breaks into your server and steals it wholesale, including the server's private key.
