Home > mailing lists

Re: SSL cleanups/hostname verification - Mailing list pgsql-hackers

From	Martijn van Oosterhout
Subject	Re: SSL cleanups/hostname verification
Date	October 21, 2008 09:01:51
Msg-id	20081021090128.GA5062@svana.org Whole thread Raw
In response to	Re: SSL cleanups/hostname verification (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: SSL cleanups/hostname verification
List	pgsql-hackers

Tree view

On Tue, Oct 21, 2008 at 11:02:11AM +0300, Peter Eisentraut wrote:
> If you install a new web browser, would you want it to be configured by
> default to warn about untrusted certificates or to "not bother" the user
> about it?  It's pretty much the same question here.

We "don't bother" users when there is no certificate at all, so why
would you if the certificate is untrusted?

You seem to be making the assertion that making an encrypted connection
to an untrusted server is worse than making a plaintext connection to
an untrusted server, which seems bogus to me.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Please line up in a tree and maintain the heap invariant while
> boarding. Thank you for flying nlogn airlines.

pgsql-hackers by date:

From: Matthieu Imbert
Date: 21 October 2008, 08:40:22
Subject: binary representation of datatypes

From: Michael Meskes
Date: 21 October 2008, 09:41:57
Subject: Re: binary representation of datatypes

Re: SSL cleanups/hostname verification - Mailing list pgsql-hackers

Previous

Next