| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Any advantage of using SSL with a certificate of authority? |
| Date: | 2013-11-26 21:48:33 |
| Message-ID: | 20131126214833.GA9629@momjian.us |
| Lists: | pgsql-general |
On Tue, Nov 26, 2013 at 12:30:08PM -0800, John R Pierce wrote:
> On 11/26/2013 12:16 PM, Robin wrote:
>
> 1. A self-signed certificate can be issued by anybody, there is no way of
> authenticating the issuer.
> 2. Distributing self-signed certificates becomes a pain - if signed by a
> CA, it's easy to lodge your public key where everybody can find it, and
> knows where to look for it.
> 3. Maintenance becomes a problem
>
>
>
> while that's all true for public https or whatever, none of this applies to a
> point to point connection like libpq -> postmaster.

Right. I know of no mechanism to verify a certificate via a public CA
through SSL. Browsers have a list of trusted certificates, but SSL
alone doesn't, as far as I know.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +