Re: Post-CVE Wishlist

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Post-CVE Wishlist
Date: 2021-12-09 15:24:23
Message-ID: 09889c44-05bc-376e-a4e5-0ef0adccf2ee@enterprisedb.com
Lists: pgsql-hackers

On 07.12.21 19:49, Jacob Champion wrote:
>> = Implicit TLS =
> Reactions to implicit TLS were mixed, from "we should not do this" to
> "it might be nice to have the option, from a technical standpoint".
> Both a separate-port model and a shared-port model were tentatively
> proposed. The general consensus seems to be that the StartTLS-style
> flow is currently sufficient from a security standpoint.
>
> I didn't see any responses that were outright in favor, so I think my
> remaining question is: are there any committers who think a prototype
> would be worth the time for a motivated implementer?

I'm quite interested in this. My next question would be how complicated
it would be. Is it just a small block of code that peeks at a few bytes
and decides it's a TLS handshake? Or would it require a major
restructuring of all the TLS support code? Possibly something in the
middle.
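
The byte-peeking check asked about above, sketched as an added example (not part of the original message and not PostgreSQL source): it classifies the first eight bytes of a new connection as a TLS ClientHello, an SSLRequest, or a plaintext StartupMessage. The names classify_first_bytes, first_bytes_kind and the PG_* macros are this example's own, and other request codes (cancel, GSSAPI encryption) are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum {
    FIRST_NEED_MORE,     /* fewer than 8 bytes peeked so far */
    FIRST_TLS_HANDSHAKE, /* TLS record carrying a ClientHello (implicit TLS) */
    FIRST_PG_SSLREQUEST, /* PostgreSQL SSLRequest (StartTLS-style flow) */
    FIRST_PG_STARTUP,    /* plaintext protocol 3.x StartupMessage */
    FIRST_UNKNOWN        /* anything else: reject the connection */
} first_bytes_kind;

#define PG_SSLREQUEST_CODE 80877103u /* (1234 << 16) | 5679 */
#define PG_MAX_STARTUP_LEN 10000u    /* assumed cap on startup packet size */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16) |
           ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

first_bytes_kind classify_first_bytes(const unsigned char *buf, size_t len)
{
    if (len < 8)
        return FIRST_NEED_MORE;
    /* TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
     * 2-byte length; byte 5 is the handshake type, 0x01 = ClientHello. */
    if (buf[0] == 0x16 && buf[1] == 0x03 && buf[2] <= 0x03 && buf[5] == 0x01)
        return FIRST_TLS_HANDSHAKE;
    /* PostgreSQL startup phase: int32 self-inclusive length, then int32
     * code. A leading 0x16 would mean a length far above the cap, so the
     * two formats cannot be confused. */
    uint32_t pktlen = be32(buf);
    uint32_t code = be32(buf + 4);
    if (pktlen < 8 || pktlen > PG_MAX_STARTUP_LEN)
        return FIRST_UNKNOWN;
    if (pktlen == 8 && code == PG_SSLREQUEST_CODE)
        return FIRST_PG_SSLREQUEST;
    if ((code >> 16) == 3)
        return FIRST_PG_STARTUP;
    return FIRST_UNKNOWN;
}

int main(void)
{
    /* Constructed sample: start of a TLS ClientHello record. */
    const unsigned char hello[] = {0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01};
    printf("kind=%d\n", (int) classify_first_bytes(hello, sizeof hello));
    return 0;
}
```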
