Re: TODO: GNU TLS
From | Stephen Frost |
---|---|
Subject | Re: TODO: GNU TLS |
Date | |
Msg-id | 20061230192259.GR24675@kenobi.snowman.net |
In reply to | Re: TODO: GNU TLS (Magnus Hagander <magnus@hagander.net>) |
List | pgsql-hackers |
* Magnus Hagander (magnus@hagander.net) wrote:
> Stephen Frost wrote:
> > * Martijn van Oosterhout (kleptog@svana.org) wrote:
> >> On Sat, Dec 30, 2006 at 02:10:42AM -0500, Tom Lane wrote:
> >>> Actually, it's *not* feature-complete even yet.
> >> What's missing? I don't see anything on the TODO list relating to
> >> this. If you wanted a GnuTLS patch that supported more features than
> >> the OpenSSL one, you should have said so. Personally I would have
> >> added:
> >>
> >> - authentication using PGP keys
> >
> > This would be the big feature I think is missing from our current SSL
> > support. I don't think it'd be terribly difficult to support with
> > either library (I think most of the work would be on the PG user auth
> > side, which would be useable by either).
>
> Wouldn't it be a lot more logical to support authentication with X.509
> certificates rather than PGP keys? Given that SSL already has that at a
> protocol level AFAIK? And if you are doing any kind of enterprise
> deployment at least, you're likely to have the PKI infrastructure to
> deal out X.509 already?
>
> That said, you could do PGP authentication anyway - independent of SSL -
> if people wanted it.

Err, brain fart on my side, I was thinking about X.509 certs, actually,
not PGP keys. I agree w/ you 100% on this. :)

Thanks,

Stephen