| From: | Robbie Harwood <rharwood(at)redhat(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Nico Williams <nico(at)cryptonector(dot)com> |
| Subject: | Re: [PATCH v18] GSSAPI encryption support |
| Date: | 2018-08-06 21:23:28 |
| Message-ID: | jlgd0uvyysv.fsf@redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Heikki Linnakangas (hlinnaka(at)iki(dot)fi) wrote:
>
>> What is the point of this patch? What's the advantage of GSSAPI
>> encryption over SSL? I was hoping to find the answer by reading the
>> documentation changes, but all I can see is "how" to set it up, and
>> nothing about "why".
>
> If you've already got an existing Kerberos environment, then it's a
> lot nicer to leverage that rather than having to also implement a full
> PKI to support and use SSL-based encryption.
>
> There's also something to be said for having alternatives to OpenSSL.
This exactly.
If you're in a position where you're using Kerberos (or most other
things from the GSSAPI) for authentication, the encryption comes at
little to no additional setup cost. And then you get all the security
benefits outlined in the docs changes.
Thanks,
--Robbie
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Charles Cui | 2018-08-07 00:56:11 | Re: [GSoC]The project summary |
| Previous Message | Alvaro Herrera | 2018-08-06 21:04:32 | Re: [report] memory leaks in COPY FROM on partitioned table |