From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Martijn van Oosterhout <kleptog(at)svana(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, mark(at)mark(dot)mielke(dot)cc, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz> |
Subject: | Re: TODO: GNU TLS |
Date: | 2006-12-30 15:36:43 |
Message-ID: | 4596878B.8040607@hagander.net |
Lists: | pgsql-hackers |
Stephen Frost wrote:
> * Martijn van Oosterhout (kleptog(at)svana(dot)org) wrote:
>> On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
>>> Actually, it's *not* feature-complete even yet.
>> What's missing? I don't see anything on the TODO list relating to
>> this. If you wanted a GnuTLS patch that supported more features than
>> the OpenSSL one, you should have said so. Personally I would have
>> added:
>>
>> - authentication using PGP keys
>
> This would be the big feature I think is missing from our current SSL
> support. I don't think it'd be terribly difficult to support with
> either library (I think most of the work would be on the PG user auth
> side, which would be useable by either).

Wouldn't it be a lot more logical to support authentication with X.509
certificates rather than PGP keys? Given that SSL already has that at a
protocol level AFAIK? And if you are doing any kind of enterprise
deployment at least, you're likely to have the PKI infrastructure to
deal out X.509 already?

That said, you could do PGP authentication anyway - independent of SSL -
if people wanted it.

//Magnus