public inbox for [email protected]  
help / color / mirror / Atom feed
From: Jacob Champion <[email protected]>
To: Hannu Krosing <[email protected]>
Cc: Jelte Fennema-Nio <[email protected]>
Cc: Ajit Awekar <[email protected]>
Cc: PostgreSQL-development <[email protected]>
Cc: Dave Cramer <[email protected]>
Cc: Heikki Linnakangas <[email protected]>
Subject: Re: Periodic authorization expiration checks using GoAway message
Date: Wed, 10 Dec 2025 12:02:23 -0800
Message-ID: <CAOYmi+kpSN9MPxP_XeRHVCXP4FcN+n+5hrCdKD9qM9KXSGKhSw@mail.gmail.com> (raw)
In-Reply-To: <CAMT0RQQTahXBBDRsB9z9wzvB7y9iYO7XiVfTX+2-7DKebxcbrw@mail.gmail.com>
References: <CAER375OvH3_ONmc-SgUFpA6gv_d6eNj2KdZktzo-f_uqNwwWNw@mail.gmail.com>
	<CAGECzQS7Eab2vFBgE8DAq1RnTVoYb0a5X7iMyaNvApAHA7Qm2A@mail.gmail.com>
	<CAMT0RQQTahXBBDRsB9z9wzvB7y9iYO7XiVfTX+2-7DKebxcbrw@mail.gmail.com>

(To call it out explicitly: I work with Ajit, and I asked him to take
a look at GoAway, and I'm particularly interested in the
"reauthenticate or else" case. Let me know if any of that is
problematic -- or if anyone's worried that it will become so -- so I
can course-correct sooner rather than later.)

On Fri, Nov 28, 2025 at 9:52 AM Hannu Krosing <[email protected]> wrote:
> Also have not looked at the patch, but we should also make sure that
> there is not just be GoAway, but also a way to re-authenticate or
> "extend lease" or whatever the terminology is for a specific
> authentication method.

I agree. I like the idea of the server coordinating (and then
enforcing) connection lifetime and cross-connection handoffs with the
client, but like Jelte said, the current GoAway proposal isn't really
built for that.

Is there enough interest in the more general problem for us to try
combining the use cases? Or should they remain separate?

Thanks,
--Jacob





view thread (33+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Periodic authorization expiration checks using GoAway message
  In-Reply-To: <CAOYmi+kpSN9MPxP_XeRHVCXP4FcN+n+5hrCdKD9qM9KXSGKhSw@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox