Re: Spoofing as the postmaster

Bruce Momjian wrote:
> Good point.  I have added the last two sentences to the documentation
> paragraph to highlight this issue:
>
>    <productname>OpenSSL</productname> supports a wide range of ciphers
>    and authentication algorithms, of varying strength.  While a list of
>    ciphers can be specified in the <productname>OpenSSL</productname>
>    configuration file, you can specify ciphers specifically for use by
>    the database server by modifying <xref linkend="guc-ssl-ciphers"> in
>    <filename>postgresql.conf</>.  It is possible to have authentication
>    without the overhead of encryption by using <literal>NULL-SHA</> or
>    <literal>NULL-MD5</> ciphers.  However, a man-in-the-middle could read
>    and pass communications between client and server.
>   
A fact that the above misses, is that symmetric key encryption is 
actually quite cheap. It is asymmetric key encryption that is expensive. 
If you look up information on SSL accelerators, you will find claims 
that the initial SSL authentication negotiation is 1000X as expensive as 
the actual data encryption for a running session, and that SSL web 
services are usually limited by their ability to negotiate NEW sessions. 
In other words, as well intentioned and accurate as the claim you make 
above, it may be irrelevant in many real world scenarios. If you are 
going to go through all the expensive processing of having 
authentication enabled, you may as well have encryption enabled too.

Cheers,
mark

-- 
Mark Mielke <mark@mielke.cc>