I tried to capture the traffic with Wireshark, but it appears that everything is compressed over the wire anyway... so I can't tell if I'm looking at just compressed data, or compressed+encrypted data.
--- - Keith Palmer ConsoliBYTE, LLC Ask for a quote! - QuickBooks Integration and Software Development ke...@consolibyte.com 1-860-341-1464 http://www.ConsoliBYTE.com/ Follow us on Twitter at: https://twitter.com/consolibyte AIM: consolibyte MSN: supp...@consolibyte.com Yahoo: consolib...@yahoo.com Gtalk: consolibyte Skype: consolibyte On Feb 15, 2011, at 4:21 PM, Mark Phippard wrote: > On Tue, Feb 15, 2011 at 4:11 PM, Keith Palmer Jr. <ke...@consolibyte.com> > wrote: >> >> We'd like to use the svn:// protocol to check out some code over a WAN, but >> we want to make sure that the code isn't traveling over the WAN in >> plain-text. >> >> If we set up the repo to require min-compression 128 via SASL, does that >> encrypt *just the authentication* or does that *encrypt the actual data >> transfer* too? >> >> >> I've asked just about everywhere else and can't seem to get a straight >> answer out of anyone- some people say yes, some people say no. > > Capture a small checkout using Wireshark and see for yourself. > > Reading this file: > > http://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt > > And the Known Issues regarding TLS. It almost sounds like the login > process is a plain text conversation, although with DIGEST-MD5 perhaps > still relatively secure, and then only after you have authenticated it > can encrypt the data? > > I think you would want to capture the traffic to see for yourself. Or > use something like SSH or https and not have any doubts. > > -- > Thanks > > Mark Phippard > http://markphip.blogspot.com/
