On Tue, Oct 03, 2017 at 11:45:24AM +0200, Adrien Nayrat wrote:
> On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> > 2) I was surprised to learn the following from the docs:
> >
> > > By default, PostgreSQL will not perform any verification of the server
> > > certificate. This means that it is possible to spoof the server identity (for
> > > example by modifying a DNS record or by taking over the server IP address)
> > > without the client knowing. In order to prevent spoofing, SSL certificate
> > > verification must be used.
> >
> > Is there a technical reason to perform no verification by default? Wouldn't a
> > safer default be desirable?
>
> If you want to verify the server's certificate, you should use DANE [1] + DNSSEC [2]?
> (I am not an SSL expert either.)
>
> If I understand correctly, you can store your certificate in a DNS record
> (TLSA). Then the client can check the certificate. You must trust your DNS
> server (protection against spoofing), which is why you have to use DNSSEC.
+1, but it's trickier than you might think. I can connect you with Viktor Dukhovni, who has implemented DANE for OpenSSL, and done yeoman's work getting DANE for SMTP working.

Nico
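The TLSA check Adrien sketches above, written out as an added example (not code from this thread, from PostgreSQL or from OpenSSL's DANE support). It assumes the TLSA record has already been fetched and DNSSEC-validated (not shown), handles only DANE-EE (usage 3), and exercises the matching logic against a constructed, unsigned certificate rather than a real one; `der_tlv`, `constructed_cert` and `SAMPLE_SPKI` exist only to build that sample.

```python
import hashlib, hmac

def der_tlv(tag, body):
    """Encode one DER TLV; lengths below 65536 are enough for the constructed sample."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def der_read(buf, pos=0):
    """Decode the TLV at pos (short or long-form length) and return (tag, value, end offset)."""
    tag, first = buf[pos], buf[pos + 1]
    n = 0 if first < 0x80 else first & 0x7F
    length = first if n == 0 else int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, buf[pos + 2 + n:pos + 2 + n + length], pos + 2 + n + length

def der_children(tlv):
    """Raw TLV encodings of the elements inside a constructed TLV (SEQUENCE, [0], ...)."""
    body, kids, pos = der_read(tlv)[1], [], 0
    while pos < len(body):
        end = der_read(body, pos)[2]
        kids.append(body[pos:end])
        pos = end
    return kids

def spki_of(cert_der):
    """SubjectPublicKeyInfo TLV of a DER X.509 certificate (RFC 5280 tbsCertificate order)."""
    fields = der_children(der_children(cert_der)[0])
    if fields[0][0] == 0xA0:            # optional explicit [0] version comes first
        fields = fields[1:]
    return fields[5]                    # serial, signature, issuer, validity, subject, SPKI

def tlsa_data(selector, mtype, cert_der):
    """Association data for selector 0/1 (Cert/SPKI) and matching type 0/1/2 (Full/SHA-256/SHA-512);
    the operator publishes this in the TLSA record, the client recomputes it from the presented cert."""
    target = {"0": cert_der, "1": spki_of(cert_der)}[selector]
    return {"0": target, "1": hashlib.sha256(target).digest(), "2": hashlib.sha512(target).digest()}[mtype]

def tlsa_matches(rr, cert_der):
    """Client side: does the presented leaf certificate match this DANE-EE (usage 3) TLSA record?"""
    usage, selector, mtype, data = rr.split(None, 3)
    if usage != "3":
        raise NotImplementedError("usages 0-2 also require PKIX chain validation")
    return hmac.compare_digest(tlsa_data(selector, mtype, cert_der), bytes.fromhex(data.replace(" ", "")))

# Constructed sample certificate: structurally valid DER, unsigned and trusted by nobody.
def seq(*kids):
    return der_tlv(0x30, b"".join(kids))
RSA_OID = der_tlv(0x06, bytes.fromhex("2a864886f70d010101"))                 # rsaEncryption
SAMPLE_SPKI = seq(seq(RSA_OID, der_tlv(0x05, b"")), der_tlv(0x03, b"\x00" + bytes(range(32))))
def constructed_cert(spki):
    tbs = seq(der_tlv(0xA0, der_tlv(0x02, b"\x02")), der_tlv(0x02, b"\x01"), seq(RSA_OID), seq(),
              seq(der_tlv(0x17, b"170101000000Z"), der_tlv(0x17, b"180101000000Z")), seq(), spki)
    return seq(tbs, seq(RSA_OID), der_tlv(0x03, b"\x00" + bytes(8)))
```

A libpq client would run `tlsa_matches` on the DER certificate the server presents during the handshake; a mismatch, or an unsigned/bogus DNS answer, must abort the connection, which is the part Nico calls trickier than it looks.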