Re: unclear wording re: spoofing prevention on network connections

On Fri, Dec  8, 2023 at 05:42:27PM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
> 
> Page: https://www.postgresql.org/docs/16/preventing-server-spoofing.html
> Description:
> 
> When I read:
> To prevent spoofing on TCP connections, either use SSL certificates and make
> sure that clients check the server's certificate, or use GSSAPI encryption
> (or both, if they're on separate connections).
> 
> It takes some thought to figure out what "separate connections" are being
> referred to.  Does it mean separate TLS connection and
> non-tls-with-gssapi-encryption?

I have no idea.  It was added in this commit:

    commit b0b39f72b9
    Author: Stephen Frost <sfrost@snowman.net>
    Date:   Wed Apr 3 15:02:33 2019 -0400
    
        GSSAPI encryption support
    
        On both the frontend and backend, prepare for GSSAPI encryption
        support by moving common code for error handling into a separate file.
        Fix a TODO for handling multiple status messages in the process.
        Eliminate the OIDs, which have not been needed for some time.
    ...

I have CC'ed the patch author.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.