On Wed, Jun 3, 2020 at 07:57:16PM -0400, Chapman Flack wrote:
> For example, we might agree that it is safe to trust nothing but the
> end-entity cert of my server itself. I made a server, here is its cert,
> here is a root.crt file for libpq containing only this exact cert, I
> want libpq to connect only ever to this server with this cert and nothing
> else. It's a pain because I have to roll out new root.crt files to everybody
> whenever the cert changes, but it would be hard to call it unsafe.
I think you have hit on the reason CAs are used. By putting a valid
root certificate on the client, the server certificate can be changed
without modifying the certificate on the client.
Without that ability, every client would need be changed as soon as the
server certificate was changed. Allowing intermediate certificates to
function as root certificates would fix that problem. When the
non-trusted CA changes your certificate, you are going to have the same
problem updating everything at once. This is why a root certificate,
which never changes, is helpful.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee