| From: | Vick Khera <vivek(at)khera(dot)org> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Jesus Rafael Sanchez Medrano <jesusrafael(at)gmail(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Any advantage of using SSL with a certificate of authority? |
| Date: | 2013-11-26 19:18:58 |
| Message-ID: | CALd+dcfTdCBJiqHu=t8zzswkPW6SiGntaD=8rou3JT88dQimfg@mail.gmail.com |
| Lists: | pgsql-general |

On Tue, Nov 26, 2013 at 1:31 PM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:

> Well, by using a CA you are giving the CA rights to the key, while you
> fully control a self signed key. Since you probably don't expect
> unknown individuals to be connecting to your database, a self signed
> key is recommended.

You never give the key to them, just a signing request based on the key.
You lose no control over anything. They will in general insist your key be
at least 2048 bits.

The only advantage of having a CA key is if the client does authentication
of the server, and you have no prior arrangement with the client to accept
a certificate from your signing authority.

Using self-signed certs you can give them longevity of 10+ years, so never
have to worry about them again :)
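
The distinction drawn in the message above, that a CA receives only a signing request and never the private key, can be checked with the openssl command line. This is an added example, not part of the original message; the file names and the CN `db.example.internal` are constructed placeholders.

```sh
#!/bin/sh
# Added example. File names and the subject CN are constructed placeholders.

# Create a 2048-bit key, a CSR (what a CA would receive) and a
# self-signed certificate valid for about ten years (3650 days).
make_key_csr_cert() {
    dir=$1
    subj="/CN=db.example.internal"
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || return 1
    chmod 600 "$dir/server.key"   # the key never leaves the server
    openssl req -new -key "$dir/server.key" -subj "$subj" \
        -out "$dir/server.csr" || return 1
    openssl req -new -x509 -key "$dir/server.key" -subj "$subj" \
        -days 3650 -out "$dir/server.crt" || return 1
}

# True if the PEM file contains private key material.
file_has_private_key() {
    grep -q "PRIVATE KEY" "$1"
}

# True if the CSR carries the public half of the given private key and
# its self-signature verifies (proof of possession without disclosure).
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ] || return 1
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# True if the certificate is still valid N days from now.
cert_valid_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a scratch directory.
workdir=$(mktemp -d)
if make_key_csr_cert "$workdir"; then
    file_has_private_key "$workdir/server.csr" \
        && echo "CSR leaks private key" \
        || echo "CSR contains no private key"
    csr_matches_key "$workdir/server.csr" "$workdir/server.key" \
        && echo "CSR public key matches server.key"
    cert_valid_days "$workdir/server.crt" 3649 \
        && echo "self-signed cert valid for ~10 years"
fi
rm -rf "$workdir"
```

Only `server.csr` would be sent to a CA; `server.key` stays on the database host in both the CA-signed and the self-signed case.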