On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote:
> > > This would be the big feature I think is missing from our current SSL
> > > support. I don't think it'd be terribly difficult to support with
> > > either library (I think most of the work would be on the PG user auth
> > > side, which would be useable by either).
> > Wouldn't it be a lot more logical to support authentication with X.509
> > certificates rather than PGP keys?
> The use of PGP in this manner is silly imo. X.509 would certainly be
Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen any proposals
about how to do that.
The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).
Have a nice day,
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
In response to
pgsql-hackers by date
|Next:||From: mark||Date: 2006-12-30 17:26:12|
|Subject: Re: TODO: GNU TLS|
|Previous:||From: Mark Cave-Ayland||Date: 2006-12-30 16:56:15|
|Subject: Re: WITH support|