Date: Wed, 12 Mar 2008 23:06:19 +0100
From: Andreas 'ads' Scherbaum
To: pgsql-www@postgresql.org
Subject: Re: Community accounts and SSL
Message-ID: <20080312230619.1c347d3b@iridium.home>
In-Reply-To: <20080312143313.71fb7c2b@commandprompt.com>

On Wed, 12 Mar 2008 14:33:13 -0700 Joshua D. Drake wrote:

> On Wed, 12 Mar 2008 17:25:11 -0400
> Tom Lane wrote:
>
> > "Joshua D. Drake" writes:
> > > That is certainly one way, but do we really need that? Isn't a self
> > > signed cert good enough?
> >
> > Self-signed certs on a public-facing website scream of amateurism.
> > Every time someone visits the site, their browser will complain
> > about it, and quite rightly.
>
> Well that isn't true. It asks once and that's it. I will admit
> though that FF3 certainly makes it abundantly clear that it doesn't like
> it that first time. As far as the amateurism, opinions vary :).

Yes, you can tell your browser not to complain again, that's true, but
that's not what you want. How should I know who issued the cert in the
first place? Was it you, Joshua, was the cert issued and signed by the
www team, or was it some hacker just sitting in the middle between my
DSL and the PostgreSQL infrastructure?

> > If you wanna do this, you need to pony up some cash to Verisign or
> > one of the other recognized CAs.
>
> Well like I said, we can do that. If that is the way the community
> wants to go. A 5 year wildcard cert which could be used across all
> subdomains is about 500.00.

We could also try CACert.

Kind regards

-- 
Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors