| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 12:40:13 |
| Message-ID: | 87hc76nmtu.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> SSH is a good example, it only works with self-signed certificates, and
> relies on the client to check it. Libpq provides a mechanism for the
> client to verify the server's certificate, and that is safe even if it
> is self-signed.
Sort of. SSH requires you to install the certificate of the server locally
before connecting. If you don't it pops up a big warning and asks if you want
to install it. On subsequent connections it looks up the key for the name of
the host you're trying to connect to and insists it match. If it doesn't it
pops up a *huge* error and refuses to connect.
> Preventing casual snooping without preventing MitM is a rational choice
> for system administrators.
I think the word you're looking for is "naive" :)
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's On-Demand Production Tuning
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-10-21 12:47:35 | Re: SSL cleanups/hostname verification |
| Previous Message | Magnus Hagander | 2008-10-21 12:36:59 | Re: SSL cleanups/hostname verification |