Skip site navigation (1) Skip section navigation (2)

Re: SSL cleanups/hostname verification

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Gregory Stark <stark(at)enterprisedb(dot)com>,Robert Haas <robertmhaas(at)gmail(dot)com>,Magnus Hagander <magnus(at)hagander(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSL cleanups/hostname verification
Date: 2008-10-21 15:41:25
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Tue, Oct 21, 2008 at 02:41:11PM +0300, Peter Eisentraut wrote:
> >Preventing casual snooping without preventing MitM is a rational choice
> >for system administrators.
> I am not an expert in these things, but it seems to me that someone who 
> can casually snoop can also casually insert DHCP or DNS packages and 
> redirect traffic.  There is probably a small niche where just encryption 
> without server authentication prevents information leaks, but it is not 
> clear to me where this niche is or how it can be defined, and I 
> personally wouldn't encourage this sort of setup.

The example I know of is where there is a passive monitoring system
which monitors and logs all network traffic. In this case MitM is not
an issue because that's being monitored for. But avoiding the extra
duplication of confidential data is worth something.

It's not exactly a huge user group, but it exists.

Have a nice day,
Martijn van Oosterhout   <kleptog(at)svana(dot)org>
> Please line up in a tree and maintain the heap invariant while 
> boarding. Thank you for flying nlogn airlines.

In response to

pgsql-hackers by date

Next:From: David FetterDate: 2008-10-21 15:45:11
Subject: Re: automatic parser generation for ecpg
Previous:From: Hannu KrosingDate: 2008-10-21 15:18:05
Subject: Re: Withdraw PL/Proxy from commitfest

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group