On 25.11.2016 11:29, Olaf van der Spek wrote:
> On Fri, Nov 25, 2016 at 11:20 AM, Branko Čibej <br...@apache.org> wrote:
>> On 25.11.2016 11:11, Olaf van der Spek wrote:
>>> Wouldn't it be good if svnserve supported encryption directly?
>> It would be a moderately nice-to-have feature, but given that stunnel
>> exists, it's not necessary. In fact, it's better not to reinvent
>> security features that are available in existing, mature software.
> Using TLS isn't exactly reinventing security features is it?

"Using TLS" isn't a security feature. Secure private key management,
server certificate verification including OCSP/CRL, perfect forward
secrecy etc. etc. are ... and they don't come for free just by linking
OpenSSL into an application. There's plenty of room for bugs in the
implementation.

-- Brane