Re: TODO: GNU TLS

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Martijn van Oosterhout <kleptog(at)svana(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, mark(at)mark(dot)mielke(dot)cc, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2006-12-30 19:22:59
Message-ID: 20061230192259.GR24675@kenobi.snowman.net
Lists: pgsql-hackers
* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> Stephen Frost wrote:
> > * Martijn van Oosterhout (kleptog(at)svana(dot)org) wrote:
> >> On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
> >>> Actually, it's *not* feature-complete even yet.
> >> What's missing? I don't see anything on the TODO list relating to
> >> this. If you wanted a GnuTLS patch that supported more features than
> >> the OpenSSL one, you should have said so. Personally I would have
> >> added:
> >>
> >> - authentication using PGP keys
> > 
> > This would be the big feature I think is missing from our current SSL
> > support.  I don't think it'd be terribly difficult to support with
> > either library (I think most of the work would be on the PG user auth
> > side, which would be useable by either).
> 
> Wouldn't it be a lot more logical to support authentication with X.509
> certificates rather than PGP keys? Given that SSL already has that at a
> protocol level AFAIK? And if you are doing any kind of enterprise
> deployment at least, you're likely to have the PKI infrastructure to
> deal out X.509 already?
> 
> That said, you could do PGP authentication anyway - independent of SSL -
> if people wanted it.

Err, brain fart on my side, I was thinking about X.509 certs, actually,
not PGP keys.  I agree w/ you 100% on this. :)

	Thanks,

		Stephen
