| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | thomas(at)habets(dot)se |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2021-10-04 21:14:36 |
| Message-ID: | 20211004211436.GC20709@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Sep 28, 2021 at 02:54:39AM -0700, thomas(at)habets(dot)se wrote:
> On Tue, 28 Sep 2021 02:09:11 +0100, Bruce Momjian <bruce(at)momjian(dot)us> said:
> > I don't think public CA's are not a good idea for complex setups since
> > they open the ability for an external party to create certificates that
> > are trusted by your server's CA, e.g., certificate authentication.
>
> I'm not arguing for, and in fact would argue against, public CA for
> client certs.
>
> So that's a separate issue.
>
> Note that mTLS prevents a MITM attack that exposes server data even if
> server cert is compromised or re-issued, so if the install is using
> client certs (with private CA) then the public CA for server matters
> much less.
>
> You can end up at the wrong server, yes, and provide data as INSERT,
> but can't steal or corrupt existing data.
>
> And you say for complex setups. Fair enough. But currently I'd say the
> default is wrong, and what should be default is not configurable.
Agreed, I think this needs much more discussion and documentation.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jaime Casanova | 2021-10-04 21:27:54 | Re: Patch: Range Merge Join |
| Previous Message | Bruce Momjian | 2021-10-04 21:13:18 | Re: storing an explicit nonce |