Re: [PATCH v20] GSSAPI encryption support

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>, Robbie Harwood <rharwood@redhat.com>
Cc: Andres Freund <andres@anarazel.de>, pgsql-hackers@postgresql.org, Nico Williams <nico@cryptonector.com>, Michael Paquier <michael@paquier.xyz>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>
Date: 2019-02-20T10:15:32Z
Lists: pgsql-hackers
On 2019-02-18 16:32, Stephen Frost wrote:
> Considering this is only the second encryption protocol in the project's
> lifetime, I agree that using callbacks would be overkill here.  What
> other encryption protocols are you thinking we would be adding here?  I
> think most would be quite hard-pressed to name a second general-purpose
> one beyond TLS/SSL, and those who can almost certainly would say GSS,
> but a third?  Certainly OpenSSH has its own, but it's not intended to be
> general purpose and I can't see us adding support for OpenSSH's
> encryption protocol to PG.

I did look into an SSH-based encryption layer at one point.  It's
certainly attractive in terms of simplicity over SSL.  But your point
stands nonetheless, for two or three plausible implementations, we don't
necessarily need a generic plugin system.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Commits

  1. GSSAPI encryption support

  2. Fix typo