| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Robbie Harwood <rharwood(at)redhat(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH v18] GSSAPI encryption support |
| Date: | 2018-08-06 18:26:55 |
| Message-ID: | 20180806182654.GU5695@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 06, 2018 at 10:36:34AM -0400, Stephen Frost wrote:
> * Heikki Linnakangas (hlinnaka(at)iki(dot)fi) wrote:
> > Sorry if this sounds facetious, but:
> >
> > What is the point of this patch? What's the advantage of GSSAPI encryption
> > over SSL? I was hoping to find the answer by reading the documentation
> > changes, but all I can see is "how" to set it up, and nothing about "why".
>
> If you've already got an existing Kerberos environment, then it's a lot
> nicer to leverage that rather than having to also implement a full PKI
> to support and use SSL-based encryption.
>
> There's also something to be said for having alternatives to OpenSSL.
Those two reasons would be my motivation if I were implementing this,
and they are some of the reasons I did a code review.
Nico
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeremy Evans | 2018-08-06 18:32:05 | Fix hints on CREATE PROCEDURE errors |
| Previous Message | Andrey Borodin | 2018-08-06 18:12:00 | Re: GiST VACUUM |