| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robbie Harwood <rharwood(at)redhat(dot)com> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)postgresql(dot)org, Nico Williams <nico(at)cryptonector(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, David Steele <david(at)pgmasters(dot)net> |
| Subject: | Re: [PATCH v20] GSSAPI encryption support |
| Date: | 2019-02-20 10:15:32 |
| Message-ID: | dffb5116-6c00-d659-e569-b41489ac4c9a@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2019-02-18 16:32, Stephen Frost wrote:
> Considering this is only the second encryption protocol in the project's
> lifetime, I agree that using callbacks would be overkill here. What
> other encryption protocols are you thinking we would be adding here? I
> think most would be quite hard-pressed to name a second general-purpose
> one beyond TLS/SSL, and those who can almost certainly would say GSS,
> but a third? Certainly OpenSSH has its own, but it's not intended to be
> general purpose and I can't see us adding support for OpenSSH's
> encryption protocol to PG.
I did look into an SSH-based encryption layer at one point. It's
certainly attractive in terms of simplicity over SSL. But your point
stands nonetheless, for two or three plausible implementations, we don't
necessarily need a generic plugin system.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-02-20 10:20:50 | Re: [HACKERS] Time to change pg_regress diffs to unified by default? |
| Previous Message | Nikolay Shaplov | 2019-02-20 09:28:32 | Re: Ltree syntax improvement |