| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Andrew Sullivan <ajs(at)crankycanuck(dot)ca>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-29 02:35:45 |
| Message-ID: | 200712290235.lBT2ZjN21922@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander wrote:
> We could make it so that we *require* the root certificate to be present
> on the client and make the check, and simply refuse to connect without
> it. But my guess is that it'll just increase the bar for SSL adoption at
> all, whilst most people will find some insecure way to get the root key
> over there anyway. Unless we want to start shipping our own batch of
> trusted roots, and only support paid-for certificates or something...
Agreed. Requiring client root certificate checking is heavy-handed. At
most we could emit a server log message when a client has no
certificate.
Of course I am not sure anyone knows how to get that information from
SSL. We could do it in the clients we ship but a malicious client will
just remove the check.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-12-29 03:10:18 | Re: Spoofing as the postmaster |
| Previous Message | Andrew Dunstan | 2007-12-29 01:26:06 | Re: minimal update |