On 11/26/2013 12:16 PM, Robin wrote:
- A self-signed certificate can be issued by anybody, there is no way of authenticating the issuer.
- Distributing self-signed certificates becomes a pain - if signed by a CA, its easy to lodge your public key where everybody can find it, and knows where to look for it.
- Maintenance becomes a problem
while that's all true for public https or whatever, none of this applies to a point to point connection like libpq -> postmaster.
--
john r pierce 37N 122W
somewhere on the middle of the left coast