Re: TODO: GNU TLS

On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote:
>
> > > This would be the big feature I think is missing from our current SSL
> > > support.  I don't think it'd be terribly difficult to support with
> > > either library (I think most of the work would be on the PG user auth
> > > side, which would be useable by either).
> >
> > Wouldn't it be a lot more logical to support authentication with X.509
> > certificates rather than PGP keys?
>
> The use of PGP in this manner is silly imo. X.509 would certainly be
> interesting.

Except tht X.509 is already done (in a sense). The client can supply a
certificate that the server can check, and vice-versa. You can't link
this with the postgresql username yet, but I havn't seen any proposals
about how to do that.

The reason I wanted to use PGP is that I already have a PGP key. X.509
certificates are far too complicated (a certificate authority is a
useless extra step in my case).

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.