Re: [PATCH v20] GSSAPI encryption support
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>, Robbie Harwood <rharwood@redhat.com>
Cc: Andres Freund <andres@anarazel.de>, pgsql-hackers@postgresql.org,
Nico Williams <nico@cryptonector.com>, Michael Paquier
<michael@paquier.xyz>, Alvaro Herrera <alvherre@2ndquadrant.com>,
David Steele <david@pgmasters.net>
Date: 2019-02-20T10:15:32Z
Lists: pgsql-hackers
On 2019-02-18 16:32, Stephen Frost wrote: > Considering this is only the second encryption protocol in the project's > lifetime, I agree that using callbacks would be overkill here. What > other encryption protocols are you thinking we would be adding here? I > think most would be quite hard-pressed to name a second general-purpose > one beyond TLS/SSL, and those who can almost certainly would say GSS, > but a third? Certainly OpenSSH has its own, but it's not intended to be > general purpose and I can't see us adding support for OpenSSH's > encryption protocol to PG. I did look into an SSH-based encryption layer at one point. It's certainly attractive in terms of simplicity over SSL. But your point stands nonetheless, for two or three plausible implementations, we don't necessarily need a generic plugin system. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited