Dan Kaminsky wrote:
> >> 1) No roots (but still works for some unknown reason)
> >> 2) Explicitly configured corporate roots
> >> 3) Explicitly configured corporate roots, AND global roots
> >> 4) Global roots (but still works for some unknown reason)
> So, if you do nothing special, it's #1? Sounds like the path of least
> resistance is no security. Uh oh.
Yeah, in the average, if not common case, a user interested in SSL use would
probably just follow the recipe in the documentation for creating and
installing a self-signed certificate with no certificate checking in the
client. Which, as you correctly observe, is pretty much completely useless.
Someone should probably redesign, reconfigure, and redocument this.
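To make the four options concrete, here is an added example (my own code, not from this thread or from whatever software it discusses). It builds a throwaway corporate root, a server certificate issued by it, and an unrelated self-signed "impostor" certificate that also claims `localhost`, using the `openssl` CLI (assumed to be on PATH, 1.1.1 or newer), then drives the TLS handshake in memory with Python's `ssl` module against two clients: the "no roots, no checking" client of option 1 and the "explicitly configured corporate root" client of option 2. All file names, function names and certificate contents are constructed for this example.

```python
import os
import ssl
import subprocess
import tempfile

# Minimal openssl.cnf so `openssl req` does not depend on the system config (assumption:
# an `openssl` binary, 1.1.1 or newer, is on PATH). All certificates below are throwaways.
REQ_CONFIG = "[req]\ndistinguished_name = dn\n[dn]\n"
ROOT_EXT = ("basicConstraints = critical, CA:TRUE\n"
            "keyUsage = critical, keyCertSign, cRLSign\n"
            "subjectKeyIdentifier = hash\n")
LEAF_EXT = ("basicConstraints = critical, CA:FALSE\n"
            "keyUsage = critical, digitalSignature\n"
            "extendedKeyUsage = serverAuth\n"
            "subjectAltName = DNS:localhost\n"
            "subjectKeyIdentifier = hash\n")


def _openssl(*args):
    subprocess.run(["openssl", *args], check=True, capture_output=True)


def _write(path, text):
    with open(path, "w") as f:
        f.write(text)
    return path


def make_pki(workdir):
    """Create a corporate root, a server cert it issued, and a self-signed impostor cert
    that also claims DNS:localhost. Returns a dict of file name -> path inside workdir."""
    p = lambda name: os.path.join(workdir, name)
    cfg = _write(p("req.cnf"), REQ_CONFIG)
    for name, cn in (("root", "Corp Root CA"), ("server", "localhost"), ("impostor", "localhost")):
        _openssl("req", "-new", "-config", cfg, "-subj", f"/CN={cn}", "-nodes",
                 "-newkey", "ec", "-pkeyopt", "ec_paramgen_curve:prime256v1",
                 "-keyout", p(f"{name}.key"), "-out", p(f"{name}.csr"))
    # Root and impostor sign themselves; only the server cert is issued by the root.
    _openssl("x509", "-req", "-days", "1", "-in", p("root.csr"), "-signkey", p("root.key"),
             "-extfile", _write(p("root.ext"), ROOT_EXT), "-out", p("root.pem"))
    _openssl("x509", "-req", "-days", "1", "-in", p("impostor.csr"), "-signkey", p("impostor.key"),
             "-extfile", _write(p("leaf.ext"), LEAF_EXT), "-out", p("impostor.pem"))
    _openssl("x509", "-req", "-days", "1", "-in", p("server.csr"), "-CA", p("root.pem"),
             "-CAkey", p("root.key"), "-CAcreateserial", "-out", p("server.pem"),
             "-extfile", _write(p("server.ext"), LEAF_EXT + "authorityKeyIdentifier = keyid\n"))
    return {n: p(n) for n in ("root.pem", "server.pem", "server.key", "impostor.pem", "impostor.key")}


def server_context(cert, key):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    return ctx


def no_checking_client():
    """Option 1: what the usual self-signed-cert recipe leaves you with. The handshake
    'works' against any server because nothing about the presented cert is checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def corporate_root_client(root_pem):
    """Option 2: trust exactly the configured corporate root and check the hostname.
    Option 3 would additionally call ctx.load_default_certs() to admit the global roots."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=root_pem)
    return ctx


def tls_handshake(client_ctx, server_ctx, hostname="localhost"):
    """Run a full TLS handshake between two SSLObjects over memory BIOs (no sockets).
    Returns (True, detail) if the client accepts the server, (False, verify error) if not."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    client_done = server_done = False
    try:
        for _ in range(32):                      # bounded: a stalled handshake must not spin
            if client_done and server_done:
                break
            for obj, peer_in, own_out, flag in ((client, s_in, c_out, "c"), (server, c_in, s_out, "s")):
                done = client_done if flag == "c" else server_done
                if not done:
                    try:
                        obj.do_handshake()
                        done = True
                    except ssl.SSLWantReadError:
                        pass
                    if flag == "c":
                        client_done = done
                    else:
                        server_done = done
                data = own_out.read()            # ship whatever this side produced to the peer
                if data:
                    peer_in.write(data)
        else:
            raise RuntimeError("handshake did not complete")
    except ssl.SSLCertVerificationError as e:
        return False, e.verify_message
    return True, client.getpeercert() or "peer certificate was never validated"


def run_demo():
    """Returns {'<client>/<server>': accepted?} for the four client/server combinations."""
    with tempfile.TemporaryDirectory() as d:
        f = make_pki(d)
        servers = (("corporate_server", server_context(f["server.pem"], f["server.key"])),
                   ("impostor", server_context(f["impostor.pem"], f["impostor.key"])))
        clients = (("no_checking", no_checking_client),
                   ("corporate_root", lambda: corporate_root_client(f["root.pem"])))
        results = {}
        for cname, make_client in clients:
            for sname, srv in servers:
                ok, detail = tls_handshake(make_client(), srv)
                results[f"{cname}/{sname}"] = ok
                print(f"{cname:15s} vs {sname:16s}: {'accepted' if ok else 'REJECTED'} ({detail})")
        return results


if __name__ == "__main__":
    run_demo()
```

The no-checking client accepts both servers, which is the "works for some unknown reason" of option 1: the connection is encrypted to whoever answered, so it is exactly as useful against an active attacker as no SSL at all. The corporate-root client accepts the server the root issued and rejects the impostor with a verification error, and because it never calls `load_default_certs()` the global roots play no part (option 2, not 3). Note the order in `no_checking_client`: Python refuses to set `CERT_NONE` while `check_hostname` is still on, which is the one place the standard library pushes back against the insecure recipe.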