| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Nico Williams <nico(at)cryptonector(dot)com> |
| Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Unnecessary connection overhead due copy-on-write (mainly openssl) |
| Date: | 2025-06-09 16:40:04 |
| Message-ID: | CAOYmi+nDsEGnCD5HfQpu4BL9VQhqtLc6WvKKb9AzAMomsKh7hA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jun 6, 2025 at 1:18 PM Nico Williams <nico(at)cryptonector(dot)com> wrote:
> However no one will be using a discrete or firmware TPM for TLS server
> certificate private key usage: discrete TPMs are way way too slow for
> that, and firmware TPMs are... also way too slow. You wouldn't bother
> with a software TPM for this unless it's for privilege separation.
There are other cryptographic things users could be doing on the
server side, too, via extensions, or even other library dependencies
that themselves rely on OpenSSL.
But in any case, what you've written seems reasonable to me, and I
don't have any reason to gum up the works, so I'll pipe down. (I've
asked around internally to see if there are any concerns, too; I'm
happy to share if I find anything.)
Thanks!
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jesper Pedersen | 2025-06-09 17:38:09 | pg_rewind: Doc update for PostgreSQL 18 |
| Previous Message | Robert Treat | 2025-06-09 16:39:54 | Re: [PATCH] Re: Proposal to Enable/Disable Index using ALTER INDEX |