Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt - Mailing list pgsql-bugs

From Tom Lane
Subject Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date
Msg-id 29572.1239393002@sss.pgh.pa.us
In response to Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt  (Peter Eisentraut <peter_e@gmx.net>)
Responses Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
List pgsql-bugs
Peter Eisentraut <peter_e@gmx.net> writes:
> On Friday 10 April 2009 21:27:54 Stephen Frost wrote:
>> I agree with this.  Avoiding spoofing is good, but so is on the wire
>> encryption even if you don't have anti-spoofing.  This is a reasonable
>> set-up and we shouldn't just fail on it.

> This whole debate hinges on the argument that encryption without
> anti-spoofing is *not* useful.

If we believe that then we need to also change the server to require
a root.crt.  I do not believe it --- there is a significant difference
in the difficulty of passive listening and active spoofing.

            regards, tom lane
