Comment by zie

Comment by zie 10 months ago

3 replies

View on Hacker News

What are you talking about?

public key cryptography is well understood and used everywhere: HTTPS, SSH, Signal, etc.

See: https://en.wikipedia.org/wiki/Public-key_cryptography

In postgres specifically: https://www.postgresql.org/docs/16/ssl-tcp.html and https://www.postgresql.org/docs/16/runtime-config-connection...

You can enforce TLSv1.3 on all network connections using `ssl_min_protocol_version`(postgres.conf) and `hostssl`(in pg_hba.conf)

This puts you ahead of most web servers which often still allow TLSv1.1.

You can make Postgres secure or not, your call. Just like with everything else.

aborsy 10 months ago

I would note that, although obviously the confidentiality in TLS is based on public key cryptography, authentication by mTLS doesn’t reach the cryptography part.

The process starts with a client and server hello. Then the server sends its certificate to the client, and the client sends its certificate to the server. The server verifies that the client’s certificate is signed by a certificate authority in its trust store. That’s the authentication part. The client’s private key is not used.

The confidentiality comes next if authentication is successful.

I asked because X509 certificates are complex and difficult to securely parse. Also mTLS is rarely used.

Reply View 2 replies
  • zie 10 months ago

    PostgreSQL uses OpenSSL for TLS: https://www.postgresql.org/docs/devel/install-requirements.h...

    > The client’s private key is not used.

    This whole section is incorrect. It's called mutual TLS. The client's private key is used to prove to the server it has the private key for the public key it's handing to the server. Just like the server has to prove to the client, it has the private key to the public cert it hands out.

    Otherwise there is no authentication going on at all.

    See the RFC: https://www.rfc-editor.org/rfc/rfc8446 If you are unfamiliar with RFC's, see Section 4.4 and Appendix E.1, which talk about client auth and the handshake respectively.

    > I asked because X509 certificates are complex and difficult to securely parse

    Yes, but that's why PG relies on OpenSSL to do that work for them. It's widely deployed, even using client certificates. X.509 is used with client certificates by at least 3.5M active personnel with the US DoD via their Common Access Card, as one widely used example.

    > Also mTLS is rarely used.

    Mutual TLS or client auth is not often used in the browser context, because the browsers have miserable UX around it. I wish that would change, but I'm one of the very few.

    It's regularly used outside of the browser context though. Lots of B2B and Service Oriented Architectures use it.

    Reply View 1 reply
    • aborsy 10 months ago

      Yes, sorry the private is indeed used in mTLS.

      Without that there is still authentication: clients who don’t presents a certificate signed by CA are refused. A weaker form of authentication is who ever presents a signed certificate connects, regardless of whether they hold the private key or not. In practice, these two are packed into a p12 certificate anyways, at least browsers.

      Interesting that defense industry uses mTLS. It’s a pitty because the UX could be good: no need to route the entire traffic by a VPN. Simply have a certificate in the browser and the user will have access with no further action or setup.

      Reply View 0 replies