From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | Mark Morgan Lloyd <markMLl(dot)pgsql-general(at)telemetry(dot)co(dot)uk>, <pgsql-general(at)PostgreSQL(dot)org> |
Subject: | Re: "Web of trust" connections |
Date: | 2015-11-10 16:03:35 |
Message-ID: | 56421557.4080205@BlueTreble.com |
Lists: | pgsql-general |
On 11/6/15 8:01 AM, Mark Morgan Lloyd wrote:
> Purely out of curiosity, is there any way of using some sort of "web of
> trust" (comparable with GPG or whatever) when verifying server and
> client certificates, rather than going back to a centralised CA?
>
> My apologies if this is a silly question, or if there are fundamental
> reasons why such a thing would be inappropriate. My scenario is that I'm
> looking at multiple PostgreSQL servers (with supporting custom software)
> arranged (approximately) as a tree, with nodes sending notifications to
> their peers as they see changes. I want to make it as easy as possible
> to set up a new server and get it cooperating with the rest, and some
> sort of WoT might be plausible rather than having to wait for the root
> administrator to send keys over a secure channel.

Postgres does support PAM, so you might be able to craft such a solution
using that along with something that supports WoT (like GPG).
--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com