Re: Any advantage of using SSL with a certificate of authority?
| От | Robin |
|---|---|
| Тема | Re: Any advantage of using SSL with a certificate of authority? |
| Дата | |
| Msg-id | BLU0-SMTP16944A5E8647FD4D2BF0496E2EC0@phx.gbl обсуждение исходный текст |
| Ответ на | Re: Any advantage of using SSL with a certificate of authority? (Andrew Sullivan <ajs@crankycanuck.ca>) |
| Ответы |
Re: Any advantage of using SSL with a certificate of authority?
|
| Список | pgsql-general |
There is a downside to self-signed certificates.
I only use self signed certs for testing.
- A self-signed certificate can be issued by anybody, there is no way of authenticating the issuer.
- Distributing self-signed certificates becomes a pain - if signed by a CA, its easy to lodge your public key where everybody can find it, and knows where to look for it.
- Maintenance becomes a problem
I only use self signed certs for testing.
Robin St.ClairOn 26/11/2013 19:34, Andrew Sullivan wrote:
On Tue, Nov 26, 2013 at 02:18:58PM -0500, Vick Khera wrote:Using self-signed certs you can give them longevity of 10+ years, so never have to worry about them again :)Unless of course you turn out to have a weak algorithm and, say, No Such Agency decides to take up residence on your network. (It's not clear that CAs are any protection against that either, though, of course.) In general, 10+ years is probably too short a time to be using a cert unless you are completely certain to whom it could be exposed. (Some would argue that if you had that certainty, you might not need TLS/SSL anyway. I guess I'd respond that you could use TLS anyway because it would help in case of a network compromise.) Best, A
В списке pgsql-general по дате отправления: