MIME-Version: 1.0
From: Javier Gutierrez-Maturana sanchez <fj.gutierrezs91@gmail.com>
Date: Sat, 21 Mar 2026 19:44:42 +0100
Message-ID: 
 <CA+5Zhp62fb6WMyzm1ZpKiYw3Pbtrjb=Vehug4xKmNeovpNjaCw@mail.gmail.com>
Subject: Proposal: Implementing Botan as an alternative TLS backend for
 PostgreSQL
To: pgsql-hackers@lists.postgresql.org,
	Enrique Soriano <enrique.soriano@gmail.com>,
 Gorka Guardiola <paurea@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000008672ea064d8d32ce"
Archived-At: 
 <https://www.postgresql.org/message-id/CA%2B5Zhp62fb6WMyzm1ZpKiYw3Pbtrjb%3DVehug4xKmNeovpNjaCw%40mail.gmail.com>
Precedence: bulk

--0000000000008672ea064d8d32ce
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hello PostgreSQL community,

I would like to start a discussion regarding the feasibility of decoupling
our current TLS implementation to allow for alternative cryptographic
backends, specifically **Botan** (via its C wrapper).

While OpenSSL is the current standard, the "rules of the game" in software
engineering are changing. The advent of advanced AI-assisted development
tools now provides the technical viability to undertake significant
refactorings=E2=80=94such as abstracting the network security layer=E2=80=
=94with much
higher precision and lower overhead than in the past.

The primary motivation for adding Botan support is **compliance and
architectural flexibility**:

1. **Regulatory Requirements:** In jurisdictions like Spain, the **CCN
(Centro Criptol=C3=B3gico Nacional)** sets specific standards for cryptogra=
phic
modules. Having an alternative like Botan facilitates certification in
these restricted environments.
2. **Architectural Robustness:** A provider-agnostic TLS layer makes
PostgreSQL more resilient to library-specific vulnerabilities or licensing
changes.
3. **Modern Integration:** Using Botan's C wrappers allows the engine to
benefit from a modern C++ cryptographic core while maintaining the
project's C-based architecture.

I am interested in knowing the community's stance on abstracting
`be-secure-openssl.c` into a more generic interface.

Best regards,

[Tu Nombre]

---

### Appendix: Proof of Concept - Proxy Model with Botan

To validate the viability of Botan in high-security environments without
depending on OpenSSL's native integration, I have developed a reference
implementation available at:
=F0=9F=91=89 [
https://github.com/jgmatu/management-sensors](https://github.com/jgmatu/man=
agement-sensors)

**Architectural Model:**
In this project, I implemented a **Quantum-Safe Proxy** that acts as a
bridge between non-PQC clients and the core system. Key features of this
model include:

* **Decoupled TLS Engine:** Using `QuantumSafeTlsEngine` (based on Botan
TLS v1.3) to handle all secure handshakes independently of the application
logic.
* **Reactive Event Bus:** Utilizing PostgreSQL's `LISTEN/NOTIFY` mechanism
to manage state and configurations without direct coupling between the
server and the controllers.
* **Post-Quantum Ready:** Demonstrating that Botan can provide PQC
(Post-Quantum Cryptography) algorithms today, which is a requirement
increasingly demanded by national security agencies like the CCN.

This proxy model proves that Botan is not only a viable alternative but
also provides advanced features that are currently difficult to implement
with a hard dependency on OpenSSL.

--0000000000008672ea064d8d32ce
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div dir=3D"auto"><br></div><div dir=3D"auto"><br></div><=
div dir=3D"auto">Hello PostgreSQL community,</div><div dir=3D"auto"><br></d=
iv><div dir=3D"auto">I would like to start a discussion regarding the feasi=
bility of decoupling our current TLS implementation to allow for alternativ=
e cryptographic backends, specifically **Botan** (via its C wrapper).</div>=
<div dir=3D"auto"><br></div><div dir=3D"auto">While OpenSSL is the current =
standard, the &quot;rules of the game&quot; in software engineering are cha=
nging. The advent of advanced AI-assisted development tools now provides th=
e technical viability to undertake significant refactorings=E2=80=94such as=
 abstracting the network security layer=E2=80=94with much higher precision =
and lower overhead than in the past.</div><div dir=3D"auto"><br></div><div =
dir=3D"auto">The primary motivation for adding Botan support is **complianc=
e and architectural flexibility**:</div><div dir=3D"auto"><br></div><div di=
r=3D"auto">1.  **Regulatory Requirements:** In jurisdictions like Spain, th=
e **CCN (Centro Criptol=C3=B3gico Nacional)** sets specific standards for c=
ryptographic modules. Having an alternative like Botan facilitates certific=
ation in these restricted environments.</div><div dir=3D"auto">2.  **Archit=
ectural Robustness:** A provider-agnostic TLS layer makes PostgreSQL more r=
esilient to library-specific vulnerabilities or licensing changes.</div><di=
v dir=3D"auto">3.  **Modern Integration:** Using Botan&#39;s C wrappers all=
ows the engine to benefit from a modern C++ cryptographic core while mainta=
ining the project&#39;s C-based architecture.</div><div dir=3D"auto"><br></=
div><div dir=3D"auto">I am interested in knowing the community&#39;s stance=
 on abstracting `be-secure-openssl.c` into a more generic interface.</div><=
div dir=3D"auto"><br></div><div dir=3D"auto">Best regards,</div><div dir=3D=
"auto"><br></div><div dir=3D"auto">[Tu Nombre]</div><div dir=3D"auto"><br><=
/div><div dir=3D"auto">---</div><div dir=3D"auto"><br></div><div dir=3D"aut=
o">### Appendix: Proof of Concept - Proxy Model with Botan</div><div dir=3D=
"auto"><br></div><div dir=3D"auto">To validate the viability of Botan in hi=
gh-security environments without depending on OpenSSL&#39;s native integrat=
ion, I have developed a reference implementation available at:</div><div di=
r=3D"auto">=F0=9F=91=89 [<a href=3D"https://github.com/jgmatu/management-se=
nsors](https://github.com/jgmatu/management-sensors)">https://github.com/jg=
matu/management-sensors](https://github.com/jgmatu/management-sensors)</a><=
/div><div dir=3D"auto"><br></div><div dir=3D"auto">**Architectural Model:**=
</div><div dir=3D"auto">In this project, I implemented a **Quantum-Safe Pro=
xy** that acts as a bridge between non-PQC clients and the core system. Key=
 features of this model include:</div><div dir=3D"auto"><br></div><div dir=
=3D"auto">* **Decoupled TLS Engine:** Using `QuantumSafeTlsEngine` (based o=
n Botan TLS v1.3) to handle all secure handshakes independently of the appl=
ication logic.</div><div dir=3D"auto">* **Reactive Event Bus:** Utilizing P=
ostgreSQL&#39;s `LISTEN/NOTIFY` mechanism to manage state and configuration=
s without direct coupling between the server and the controllers.</div><div=
 dir=3D"auto">* **Post-Quantum Ready:** Demonstrating that Botan can provid=
e PQC (Post-Quantum Cryptography) algorithms today, which is a requirement =
increasingly demanded by national security agencies like the CCN.</div><div=
 dir=3D"auto"><br></div><div dir=3D"auto">This proxy model proves that Bota=
n is not only a viable alternative but also provides advanced features that=
 are currently difficult to implement with a hard dependency on OpenSSL.</d=
iv><div dir=3D"auto"><br></div></div>

--0000000000008672ea064d8d32ce--