On Tue, Nov 26, 2013 at 12:30:08PM -0800, John R Pierce wrote:
> On 11/26/2013 12:16 PM, Robin wrote:
>
> 1. A self-signed certificate can be issued by anybody, there is no way of
> authenticating the issuer.
> 2. Distributing self-signed certificates becomes a pain - if signed by a
> CA, its easy to lodge your public key where everybody can find it, and
> knows where to look for it.
> 3. Maintenance becomes a problem
>
>
>
> while that's all true for public https or whatever, none of this applies to a
> point to point connection like libpq -> postmaster.
Right. I know of no mechanism to verify a certificate via a public CA
through SSL. Browsers have a list of trusted certificates, but SSL
alone doesn't, as far as I know.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +