On 11/26/2013 12:16 PM, Robin wrote:
1. A self-signed certificate can be issued by anybody, there is no
way of authenticating the issuer.
2. Distributing self-signed certificates becomes a pain - if signed
by a CA, its easy to lodge your public key where everybody can
find it, and knows where to look for it.
3. Maintenance becomes a problem
while that's all true for public https or whatever, none of this applies
to a point to point connection like libpq -> postmaster.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
