On Tue, Nov 26, 2013 at 12:30:08PM -0800, John R Pierce wrote: > On 11/26/2013 12:16 PM, Robin wrote: > > 1. A self-signed certificate can be issued by anybody, there is no way of > authenticating the issuer. > 2. Distributing self-signed certificates becomes a pain - if signed by a > CA, its easy to lodge your public key where everybody can find it, and > knows where to look for it. > 3. Maintenance becomes a problem > > > > while that's all true for public https or whatever, none of this applies to a > point to point connection like libpq -> postmaster. Right. I know of no mechanism to verify a certificate via a public CA through SSL. Browsers have a list of trusted certificates, but SSL alone doesn't, as far as I know. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
