Re: Commitfest 2021-11 Patch Triage - Part 2

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Daniel Gustafsson <daniel(at)yesql(dot)se>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Commitfest 2021-11 Patch Triage - Part 2
Date: 2021-11-09 23:21:43
Message-ID: 20211109232143.GA20541@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Nov 9, 2021 at 12:43:20PM -0500, Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> > Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
> > I'm not Robert, but I still have an opinion here, and that it's that this
> > feature would at best be an attractive nuisance. If you need compression
> > on a database session, it probably means that the connection is over the
> > open internet, which means that you need encryption even more. And we
> > know that compression and encryption do not play well together. The
> > reason compression was taken out of the latest TLS standards is not that
> > they wouldn't have liked to have it, nor that applying compression in a
> > separate code layer would be any safer. I fear offering this would
> > merely lead people to build CVE-worthy setups.
>
> I've got an opinion on this also and I don't agree that needing
> compression means you're on the open internet or that we shouldn't allow
> users the choice to decide if they want to use compression and
> encryption together or not. Yes, there's potential risks there, but I
> don't think those risks would lead to CVEs against PG for supporting a
> mode where we allow compression and then also allow encryption- if
> that's a problem then it's an issue for the encryption library/method
> being used and isn't the fault of us for allowing that combination.

Yeah, I am leaning this diretion too. On the one hand, the number of
ways to exploit compression-then-encryption seem to continue to grow,
but it is the complex behavior of HTTPS and connecting to multiple sites
which seems to always be required, and we don't do that with the
Postgres client/server protocol.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

If only the physical world exists, free will is an illusion.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Smith 2021-11-09 23:40:49 Re: row filtering for logical replication
Previous Message Peter Smith 2021-11-09 23:09:01 Re: row filtering for logical replication