Subject: Re: Community accounts and SSL
From: Magnus Hagander
To: "Joshua D. Drake"
Cc: Tom Lane, Peter Eisentraut, pgsql-www@postgresql.org
Date: Wed, 12 Mar 2008 23:00:28 +0100
Message-Id: <1205359228.5803.18.camel@mha-laptop.clients.sollentuna.se>
In-Reply-To: <20080312143313.71fb7c2b@commandprompt.com>
References: <200803122019.33349.peter_e@gmx.net> <1205355841.5803.8.camel@mha-laptop.clients.sollentuna.se> <20080312141353.1d74caad@commandprompt.com> <900.1205357111@sss.pgh.pa.us> <20080312143313.71fb7c2b@commandprompt.com>

On Wed, 2008-03-12 at 14:33 -0700, Joshua D. Drake wrote:
> On Wed, 12 Mar 2008 17:25:11 -0400
> Tom Lane wrote:
>
> > "Joshua D. Drake" writes:
> > > That is certainly one way, but do we really need that? Isn't a self
> > > signed cert good enough?
> >
> > Self-signed certs on a public-facing website scream of amateurism.
> > Every time someone visits the site, their browser will complain
> > about it, and quite rightly.
>
> Well that isn't true. It asks once and that's it. I will admit
> though that FF3 certainly makes it abundantly clear that it doesn't like
> it that first time. As far as the amateurism, opinions vary :).

It does not. If you click the proper button in your browser, it doesn't
even let you in. If you click the second-least-improper one, it will
complain every time. Only if you pick the one option you're really not
supposed to pick, does it only complain once. I dunno about other
browsers, but in Firefox the "bitch again next session" is the default,
and in modern IE versions, not letting you in at all is the default.

Using a self-signed certificate is only secure if you somehow distribute
the self-signed certificate to all clients by a different, secure, path.

> > If you wanna do this, you need to pony up some cash to Verisign or
> > one of the other recognized CAs.
>
> Well like I said, we can do that. If that is the way the community
> wants to go. A 5 year wildcard cert which could be used across all
> subdomains is about 500.00.

Wildcard cert might be an option. I don't recall which browsers they are
supported in these days. It's also a potential security issue - we can't
use them on something like a shared host somewhere. Perhaps one, or when
we get more requirements a couple, of regular certificates is a better
way to go?

The free option is to use CACert. It's not included by default in any
browser (I think - maybe some really new one has it), but it does have
an actual statement of trust along with it.

//Magnus
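
Added example, not part of the original message or of any postgresql.org code: a client that accepts a self-signed certificate only when its SHA-256 fingerprint matches a value received over a separate, trusted path, which is the condition the reply above names. It assumes the fingerprint (rather than the whole certificate file) is what gets distributed; all function names and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed-example-certificate-bytes"


def sha256_fingerprint(cert_der: bytes) -> str:
    """Fingerprint in the colon-separated form most tools display."""
    h = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def normalize_fingerprint(text: str) -> bytes:
    """Accept 'AB:CD:..', 'abcd..' or spaced hex; return the 32 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", "").strip())
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("expected a SHA-256 fingerprint (32 bytes)")
    return raw


def matches_pin(cert_der: bytes, pinned: str) -> bool:
    """True only if the certificate hashes to the out-of-band fingerprint."""
    actual = hashlib.sha256(cert_der).digest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned))


def connect_pinned(host: str, port: int, pinned: str, timeout: float = 10.0):
    """Open a TLS connection and keep it only if the peer matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    # Chain validation cannot succeed for a self-signed certificate, so
    # the pin comparison below is the only authentication of the server.
    ctx.verify_mode = ssl.CERT_NONE
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not matches_pin(der, pinned):
        tls.close()  # refuse before any application data is sent
        raise ssl.SSLError("certificate does not match pinned fingerprint")
    return tls
```

Without the pinned value arriving over a path the network attacker cannot alter, the comparison proves nothing, since a substituted certificate would come with its own fingerprint.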