| From: | Gregory Stark <stark(at)enterprisedb(dot)com> |
|---|---|
| To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: SSL cleanups/hostname verification |
| Date: | 2008-10-21 10:55:32 |
| Message-ID: | 87ljwinrob.fsf@oxford.xeocode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Martijn van Oosterhout <kleptog(at)svana(dot)org> writes:
> You seem to be making the assertion that making an encrypted connection
> to an untrusted server is worse than making a plaintext connection to
> an untrusted server, which seems bogus to me.
Hm, is it? If you use good old traditional telnet you know you're typing on an
insecure connection. If you use ssh you expect it to be secure and indeed ssh
throws up big errors if it fails to get a secure connection -- it doesn't
silently fall back to an insecure connection.
Actually even the example given before of the browsers follows this model. If
you visit an insecure web site you get your web page. But if you visit a
secure web site with a bogus certificate you get a big warning.
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's 24x7 Postgres support!
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stefan Kaltenbrunner | 2008-10-21 11:08:45 | Re: SE-PostgreSQL wiki updates, but ... |
| Previous Message | Simon Riggs | 2008-10-21 10:50:29 | Re: Index use during Hot Standby |