From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Gregory Stark <stark(at)enterprisedb(dot)com> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SSL cleanups/hostname verification |
Date: | 2008-10-21 11:12:22 |
Message-ID: | 20081021111222.GB5062@svana.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Oct 21, 2008 at 11:55:32AM +0100, Gregory Stark wrote:
> Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
>
> > You seem to be making the assertion that making an encrypted connection
> > to an untrusted server is worse than making a plaintext connection to
> > an untrusted server, which seems bogus to me.
>
> Hm, is it? If you use good old traditional telnet you know you're typing on an
> insecure connection. If you use ssh you expect it to be secure and indeed ssh
> throws up big errors if it fails to get a secure connection -- it doesn't
> silently fall back to an insecure connection.
SSH is a good example, it only works with self-signed certificates, and
relies on the client to check it. Libpq provides a mechanism for the
client to verify the server's certificate, and that is safe even if it
is self-signed.
If the client knows the certificate the server is supposed to present,
then you can't have a man-in-the-middle attack, right? Whether it's
self-signed or not is irrelevent.
Preventing casual snooping without preventing MitM is a rational choice
for system administrators.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.
From | Date | Subject | |
---|---|---|---|
Next Message | BRUSSER Michael | 2008-10-21 11:14:54 | corrupted pg_proc? |
Previous Message | Stefan Kaltenbrunner | 2008-10-21 11:08:45 | Re: SE-PostgreSQL wiki updates, but ... |