From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | John R Pierce <pierce(at)hogranch(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Any advantage of using SSL with a certificate of authority? |
Date: | 2013-11-26 21:48:33 |
Message-ID: | 20131126214833.GA9629@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Tue, Nov 26, 2013 at 12:30:08PM -0800, John R Pierce wrote:
> On 11/26/2013 12:16 PM, Robin wrote:
>
> 1. A self-signed certificate can be issued by anybody, there is no way of
> authenticating the issuer.
> 2. Distributing self-signed certificates becomes a pain - if signed by a
> CA, its easy to lodge your public key where everybody can find it, and
> knows where to look for it.
> 3. Maintenance becomes a problem
>
>
>
> while that's all true for public https or whatever, none of this applies to a
> point to point connection like libpq -> postmaster.
Right. I know of no mechanism to verify a certificate via a public CA
through SSL. Browsers have a list of trusted certificates, but SSL
alone doesn't, as far as I know.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2013-11-26 23:25:44 | Re: [GENERAL] pg_upgrade ?deficiency |
Previous Message | Merlin Moncure | 2013-11-26 21:22:48 | Re: tracking scripts... |