From: | Robin <robinstc(at)live(dot)co(dot)uk> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Any advantage of using SSL with a certificate of authority? |
Date: | 2013-11-26 20:16:45 |
Message-ID: | BLU0-SMTP16944A5E8647FD4D2BF0496E2EC0@phx.gbl |
Lists: | pgsql-general |

There is a downside to self-signed certificates.

1. A self-signed certificate can be issued by anybody; there is no way
   of authenticating the issuer.
2. Distributing self-signed certificates becomes a pain - if signed by
   a CA, it's easy to lodge your public key where everybody can find it,
   and knows where to look for it.
3. Maintenance becomes a problem.

I only use self-signed certs for testing.

Robin St.Clair

On 26/11/2013 19:34, Andrew Sullivan wrote:
> On Tue, Nov 26, 2013 at 02:18:58PM -0500, Vick Khera wrote:
>> Using self-signed certs you can give them longevity of 10+ years, so never
>> have to worry about them again :)
> Unless of course you turn out to have a weak algorithm and, say, No
> Such Agency decides to take up residence on your network. (It's not
> clear that CAs are any protection against that either, though, of
> course.) In general, 10+ years is probably too short a time to be
> using a cert unless you are completely certain to whom it could be
> exposed. (Some would argue that if you had that certainty, you might
> not need TLS/SSL anyway. I guess I'd respond that you could use TLS
> anyway because it would help in case of a network compromise.)
>
> Best,
>
> A
>