Peter Eisentraut <pete...@gmx.net> writes:
> On Friday 10 April 2009 21:27:54 Stephen Frost wrote:
>> I agree with this. Avoiding spoofing is good, but so is on the wire
>> encryption even if you don't have anti-spoofing. This is a reasonable
>> set-up and we shouldn't just fail on it.
> This whole debate hinges on the argument that encryption without
> anti-spoofing is *not* useful.
If we believe that then we need to also change the server to require
a root.crt. I do not believe it --- there is a significant difference
in the difficulty of passive listening and active spoofing.
regards, tom lane
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs
