Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> On Friday 10 April 2009 21:27:54 Stephen Frost wrote:
>> I agree with this. Avoiding spoofing is good, but so is on the wire
>> encryption even if you don't have anti-spoofing. This is a reasonable
>> set-up and we shouldn't just fail on it.
> This whole debate hinges on the argument that encryption without
> anti-spoofing is *not* useful.
If we believe that then we need to also change the server to require
a root.crt. I do not believe it --- there is a significant difference
in the difficulty of passive listening and active spoofing.
regards, tom lane