| From: | Adrien Nayrat <adrien(dot)nayrat(at)dalibo(dot)com> |
|---|---|
| To: | Zeus Kronion <zkronion(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possible SSL improvements for a newcomer to tackle |
| Date: | 2017-10-03 09:45:24 |
| Message-ID: | 994946e0-b006-a44b-65d9-70eb6e050fe1@dalibo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> 2) I was surprised to learn the following from the docs:
>
>> By default, PostgreSQL will not perform any verification of the server
> certificate. This means that it is possible to spoof the server identity (for
> example by modifying a DNS record or by taking over the server IP address)
> without the client knowing. In order to prevent spoofing, SSL certificate
> verification must be used.
>
> Is there a technical reason to perform no verification by default? Wouldn't a
> safer default be desirable?
If you want to verify server's certificate you should use DANE [1] + DNSSEC [2]
? (I am not an SSL expert too)
If I understand correctly, you can store your certificate in a DNS record
(TLSA). Then the client can check the certificate. You must trust your DNS
server (protection against spoofing), that's why you have to use DNSSEC.
1: https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
2: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
--
Adrien NAYRAT
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-10-03 10:46:16 | Re: list of credits for release notes |
| Previous Message | Alvaro Herrera | 2017-10-03 09:35:21 | Re: [PATCH] Improve geometric types |