Re: Fwd: [PATCHES] Preliminary GSSAPI Patches
Henry B. Hotz <hotz@jpl.nasa.gov>
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
To: Magnus Hagander <magnus@hagander.net>
Cc: josh@agliodbs.com, Tom Lane <tgl@sss.pgh.pa.us>, Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>, pgsql-hackers@postgresql.org
Date: 2007-05-02T15:53:08Z
Lists: pgsql-hackers
On May 2, 2007, at 3:11 AM, Magnus Hagander wrote: >> As to the question of GSSAPI vs SSL, I would never argue we don't >> want both. >> >> Part of what made the GSSAPI encryption mods difficult was my intent >> to insert them "above" the SSL encryption/buffering layer. That way >> you could double-encrypt the channel. Since GSSAPI and SSL are >> (probably, not necessarily) referenced to completely different ID >> infrastructure there are scenarios where that's beneficial. > > We might want to consider restructuring how SSL works when we do, that > might make it easier. The way it is now with #ifdefs all around can > lead to > a horrible mess if there are too many different things to choose from. > Something like "transport filters" or whatever might be a way to do > it. I > recall having looked at that at some point, but it was too long ago to > remember any details.. > > //Magnus If someone wants to make it easier, that would be nice, I'm not up for it, I don't think. ------------------------------------------------------------------------ The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu