On Wed, Jun 3, 2020 at 07:57:16PM -0400, Chapman Flack wrote: > For example, we might agree that it is safe to trust nothing but the > end-entity cert of my server itself. I made a server, here is its cert, > here is a root.crt file for libpq containing only this exact cert, I > want libpq to connect only ever to this server with this cert and nothing > else. It's a pain because I have to roll out new root.crt files to everybody > whenever the cert changes, but it would be hard to call it unsafe.
I think you have hit on the reason CAs are used. By putting a valid root certificate on the client, the server certificate can be changed without modifying the certificate on the client. Without that ability, every client would need be changed as soon as the server certificate was changed. Allowing intermediate certificates to function as root certificates would fix that problem. When the non-trusted CA changes your certificate, you are going to have the same problem updating everything at once. This is why a root certificate, which never changes, is helpful. -- Bruce Momjian <br...@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee
