Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-04 Thread Jeff Janes
On Tue, Oct 3, 2017 at 6:44 AM, Tom Lane wrote:
> Magnus Hagander writes:
> > On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
> >> I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the
> >> question is what are you

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-04 Thread Nico Williams
On Wed, Oct 04, 2017 at 11:47:45AM -0700, Jeff Janes wrote:
> On Mon, Oct 2, 2017 at 9:33 PM, Tom Lane wrote:
> > It's possible that we could adopt some policy like "if the root.crt file
> > exists then default to verify" ... but that seems messy and unreliable,
> > so I'm not

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-04 Thread Jeff Janes
On Mon, Oct 2, 2017 at 9:33 PM, Tom Lane wrote:
>
> It's possible that we could adopt some policy like "if the root.crt file
> exists then default to verify" ... but that seems messy and unreliable,
> so I'm not sure it would really add any security.
>

That is what we do.

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-04 Thread Zeus Kronion
On Tue, Oct 3, 2017 at 11:39 AM, Nico Williams wrote:
> On Tue, Oct 03, 2017 at 12:33:00AM -0400, Tom Lane wrote:
> > So to default to verification would be to default to failing to
> > connect at all until user has created a ~/.postgresql/root.crt file with
> > valid,

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Adrien Nayrat
On 10/03/2017 05:47 PM, Nico Williams wrote:
> +1, but it's trickier than you might think. I can connect you with
> Viktor Dukhovni, who has implemented DANE for OpenSSL, and done yeoman's
> work getting DANE for SMTP working.

I really appreciate it, but I know it is very tricky :). I do not

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Nico Williams
On Tue, Oct 03, 2017 at 11:45:24AM +0200, Adrien Nayrat wrote:
> On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> > 2) I was surprised to learn the following from the docs:
> >
> >> By default, PostgreSQL will not perform any verification of the server
> > certificate. This means that it is possible

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Nico Williams
On Tue, Oct 03, 2017 at 09:44:01AM -0400, Tom Lane wrote:
> Magnus Hagander writes:
> > On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
> >> I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the
> >> question is what are you going to

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Nico Williams
On Tue, Oct 03, 2017 at 12:33:00AM -0400, Tom Lane wrote:
> Zeus Kronion writes:
> > 2) I was surprised to learn the following from the docs:
>
> >> By default, PostgreSQL will not perform any verification of the server
> >> certificate.
>
> > Is there a technical reason to

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Magnus Hagander
On Tue, Oct 3, 2017 at 3:51 PM, Stephen Frost wrote:
> Tom,
>
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > Magnus Hagander writes:
> > > On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
> > >> I'm not an SSL expert, so insert

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Stephen Frost
Tom,

* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Magnus Hagander writes:
> > On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
> >> I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the
> >> question is what are you going to verify against?

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Tom Lane
Magnus Hagander writes:
> On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
>> I'm not an SSL expert, so insert appropriate grain of salt, but AIUI the
>> question is what are you going to verify against?

> One way to do it would be to default to the

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Adrien Nayrat
Hi,

On 10/03/2017 06:15 AM, Zeus Kronion wrote:
> 2) I was surprised to learn the following from the docs:
>
>> By default, PostgreSQL will not perform any verification of the server
> certificate. This means that it is possible to spoof the server identity (for
> example by modifying a DNS

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-03 Thread Magnus Hagander
On Tue, Oct 3, 2017 at 6:33 AM, Tom Lane wrote:
> Zeus Kronion writes:
> > 2) I was surprised to learn the following from the docs:
>
> >> By default, PostgreSQL will not perform any verification of the server
> >> certificate.
>
> > Is there a technical

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-02 Thread Michael Paquier
On Tue, Oct 3, 2017 at 1:15 PM, Zeus Kronion wrote:
> I previously made one minuscule contribution to the project two years ago.
> I'm interested in doing some more, and I'm trying to figure out what to
> focus on. Two SSL-related projects caught my attention:
> 1) Allow

Re: [HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-02 Thread Tom Lane
Zeus Kronion writes:
> 2) I was surprised to learn the following from the docs:
>> By default, PostgreSQL will not perform any verification of the server
>> certificate.
> Is there a technical reason to perform no verification by default? Wouldn't
> a safer default be

[HACKERS] Possible SSL improvements for a newcomer to tackle

2017-10-02 Thread Zeus Kronion
I previously made one minuscule contribution to the project two years ago. I'm interested in doing some more, and I'm trying to figure out what to focus on. Two SSL-related projects caught my attention:
1) Allow automatic selection of SSL client certificates from a certificate store