On Sat, Dec 30, 2006 at 08:14:16AM -0800, Joshua D. Drake wrote: > > > > This would be the big feature I think is missing from our current SSL > > > support. I don't think it'd be terribly difficult to support with > > > either library (I think most of the work would be on the PG user auth > > > side, which would be useable by either). > > > > Wouldn't it be a lot more logical to support authentication with X.509 > > certificates rather than PGP keys? > > The use of PGP in this manner is silly imo. X.509 would certainly be > interesting.
Except tht X.509 is already done (in a sense). The client can supply a certificate that the server can check, and vice-versa. You can't link this with the postgresql username yet, but I havn't seen any proposals about how to do that. The reason I wanted to use PGP is that I already have a PGP key. X.509 certificates are far too complicated (a certificate authority is a useless extra step in my case). Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to > litigate.
signature.asc
Description: Digital signature
