Skip site navigation (1) Skip section navigation (2)


From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,Bruce Momjian <bruce(at)momjian(dot)us>,Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>,pgsql-hackers(at)postgresql(dot)org, mark(at)mark(dot)mielke(dot)cc,Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2006-12-30 17:05:14
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote:
> > > This would be the big feature I think is missing from our current SSL
> > > support.  I don't think it'd be terribly difficult to support with
> > > either library (I think most of the work would be on the PG user auth
> > > side, which would be useable by either).
> > 
> > Wouldn't it be a lot more logical to support authentication with X.509
> > certificates rather than PGP keys?
> The use of PGP in this manner is silly imo. X.509 would certainly be
> interesting.

Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen any proposals
about how to do that.

The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).

Have a nice day,
Martijn van Oosterhout   <kleptog(at)svana(dot)org>
> From each according to his ability. To each according to his ability to litigate.

In response to


pgsql-hackers by date

Next:From: markDate: 2006-12-30 17:26:12
Subject: Re: TODO: GNU TLS
Previous:From: Mark Cave-AylandDate: 2006-12-30 16:56:15
Subject: Re: WITH support

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group