| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, mark(at)mark(dot)mielke(dot)cc, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz> |
| Subject: | Re: TODO: GNU TLS |
| Date: | 2006-12-30 17:05:14 |
| Message-ID: | 20061230170514.GE8245@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote:
>
> > > This would be the big feature I think is missing from our current SSL
> > > support. I don't think it'd be terribly difficult to support with
> > > either library (I think most of the work would be on the PG user auth
> > > side, which would be useable by either).
> >
> > Wouldn't it be a lot more logical to support authentication with X.509
> > certificates rather than PGP keys?
>
> The use of PGP in this manner is silly imo. X.509 would certainly be
> interesting.
Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen any proposals
about how to do that.
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | mark | 2006-12-30 17:26:12 | Re: TODO: GNU TLS |
| Previous Message | Mark Cave-Ayland | 2006-12-30 16:56:15 | Re: WITH support |