| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Adrien Nayrat <adrien(dot)nayrat(at)dalibo(dot)com> |
| Cc: | Zeus Kronion <zkronion(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possible SSL improvements for a newcomer to tackle |
| Date: | 2017-10-03 15:47:31 |
| Message-ID: | 20171003154730.GN1251@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Oct 03, 2017 at 11:45:24AM +0200, Adrien Nayrat wrote:
> On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> > 2) I was surprised to learn the following from the docs:
> >
> >> By default, PostgreSQL will not perform any verification of the server
> > certificate. This means that it is possible to spoof the server identity (for
> > example by modifying a DNS record or by taking over the server IP address)
> > without the client knowing. In order to prevent spoofing, SSL certificate
> > verification must be used.
> >
> > Is there a technical reason to perform no verification by default? Wouldn't a
> > safer default be desirable?
>
> If you want to verify server's certificate you should use DANE [1] + DNSSEC [2]
> ? (I am not an SSL expert too)
>
> If I understand correctly, you can store your certificate in a DNS record
> (TLSA). Then the client can check the certificate. You must trust your DNS
> server (protection against spoofing), that's why you have to use DNSSEC.
+1, but it's trickier than you might think. I can connect you with
Viktor Dukhovni, who has implemented DANE for OpenSSL, and done yeoman's
work getting DANE for SMTP working.
Nico
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2017-10-03 16:04:57 | Re: 64-bit queryId? |
| Previous Message | Nico Williams | 2017-10-03 15:45:05 | Re: Possible SSL improvements for a newcomer to tackle |