| From: | Robbie Harwood <rharwood(at)redhat(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Subject: | Re: [PATCH v3] GSSAPI encryption support |
| Date: | 2015-10-30 19:38:47 |
| Message-ID: | jlglhakxi2g.fsf@thriss.redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andreas, can you please weigh in here since your voice is important to
this process?
Robbie Harwood <rharwood(at)redhat(dot)com> writes:
> Andres Freund <andres(at)anarazel(dot)de> writes:
>
>> On 2015-10-22 16:47:09 +0900, Michael Paquier wrote:
>>> Hm, and that's why you chose this way of going. My main concern about
>>> this patch is that it adds on top of the existing Postgres protocol a
>>> layer to encrypt and decrypt the messages between server and client
>>> based on GSSAPI. All messages transmitted between client and server
>>> are changed to 'g' messages on the fly and switched back to their
>>> original state at reception. This is symbolized by the four routines
>>> you added in the patch in this purpose, two for frontend and two for
>>> backend, each one for encryption and decryption. I may be wrong of
>>> course, but it seems to me that this approach will not survive
>>> committer-level screening because of the fact that context-level
>>> things invade higher level protocol messages.
>>
>> Agreed. At least one committer here indeed thinks this approach is not
>> acceptable (and I've said so upthread).
>
> Okay, I'll make some changes. Before I do, though, since this is not
> the approach I came up with, can you explicitly state what you're
> looking for here? It subjectively seems that I'm getting a lot of
> feedback of "this feels wrong" without suggestion for improvement.
>
> To be clear, what I need to know is:
>
> - What changes do you want to see in the wire protocol? (And how will
> fallback be supported if that's affected?)
>
> - Since this seems to be an important sticking point, what files am I
> encouraged to change (or prohibited from changing)? (Fallback makes
> this complex.)
>
> - I've been assuming that we care about fallback, but I'd like to be
> told that it's something postgres actually wants to see because it's
> the most intricate part of these changes. (I'm reasonably confident
> that the code becomes simpler without it, and I myself have no use for
> it.)
>
> If I understand what you're asking for (and the above is intended to be
> sure that I will), this will not be a trivial rework, so I want to be
> really sure before doing that because writing this code a third time is
> something I don't relish.
>
> Thanks,
> --Robbie
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David E. Wheeler | 2015-10-30 19:55:31 | Re: pgxs/config/missing is... missing |
| Previous Message | Jim Nasby | 2015-10-30 18:42:43 | Patch to install config/missing |