On Tue, Nov 26, 2013 at 02:18:58PM -0500, Vick Khera wrote: > Using self-signed certs you can give them longevity of 10+ years, so never > have to worry about them again :) Unless of course you turn out to have a weak algorithm and, say, No Such Agency decides to take up residence on your network. (It's not clear that CAs are any protection against that either, though, of course.) In general, 10+ years is probably too short a time to be using a cert unless you are completely certain to whom it could be exposed. (Some would argue that if you had that certainty, you might not need TLS/SSL anyway. I guess I'd respond that you could use TLS anyway because it would help in case of a network compromise.) Best, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
