From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: SCRAM with channel binding downgrade attack |
Date: | 2018-05-23 09:08:35 |
Message-ID: | 41566858-1531-95d2-83ac-3895c38b2d9e@iki.fi |
Lists: | pgsql-hackers pgsql-www |
On 23/05/18 09:59, Magnus Hagander wrote:
>> With that, a connection would be allowed, if either the server's SSL
>> certificate is verified as with "sslmode=verify-full", *or* SCRAM
>> authentication with channel binding was used. Or perhaps cram it into
>> sslmode, "sslmode=verify-full-or-scram-channel-binding", just with a
>> nicer name. (We can do that after v11 though, I think.)
>
> sslmode=verify-full is very different from SCRAM with channel binding,
> isn't it? As in, SCRAM with channel binding at no point proves which server
> you're talking to -- only that you are talking to the SSL endpoint? It
> could be a rogue SSL endpoint unless you do certificate validation.
SCRAM, even without channel binding, does prove that you're talking to
the correct server. Or to be precise, it proves to the client, that the
server also knows the password, so assuming that you're using strong
passwords and not sharing them across servers, you know that you're
talking to the correct server.
Channel binding adds the guarantee that the SSL endpoint belongs to the
same server you're authenticating with, i.e. there is no man in the middle.
- Heikki
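The two properties Heikki describes, the ServerSignature proving the server knows the password and the c= attribute tying the authentication to the TLS endpoint, as an added example that is not code from this thread or from PostgreSQL: a minimal SCRAM-SHA-256 exchange in Python, with the tls-server-end-point channel-binding data modelled as opaque bytes and all user names, passwords and certificate values constructed for the demonstration.

```python
import base64, hashlib, hmac, os

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stored_credentials(password, salt=None, iterations=4096):
    """What the server keeps: salt, iteration count, StoredKey and ServerKey (never the password)."""
    salt = salt or os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    stored_key = hashlib.sha256(_hmac(salted, b"Client Key")).digest()
    return salt, iterations, stored_key, _hmac(salted, b"Server Key")

def scram_exchange(user, client_password, server_creds, client_cb=None, server_cb=None):
    """One SCRAM-SHA-256 exchange (RFC 5802/7677). client_cb and server_cb are the
    channel-binding bytes each side observes on its own TLS connection (for
    tls-server-end-point, a hash of the server certificate); None disables binding.
    Returns (server_accepts_client, client_accepts_server)."""
    salt, iters, stored_key, server_key = server_creds
    gs2 = b"p=tls-server-end-point,," if client_cb is not None else b"n,,"
    # client-first-message-bare and server-first-message (combined nonce, salt, iterations)
    nonce = base64.b64encode(os.urandom(18))
    client_first_bare = b"n=" + user.encode() + b",r=" + nonce[:12]
    server_first = b"r=" + nonce + b",s=" + base64.b64encode(salt) + b",i=%d" % iters
    # Client: derive keys from the password it knows; c= carries the binding data it saw
    salted = hashlib.pbkdf2_hmac("sha256", client_password.encode(), salt, iters)
    client_key = _hmac(salted, b"Client Key")
    c_attr = base64.b64encode(gs2 + (client_cb or b""))
    auth_msg = b",".join([client_first_bare, server_first, b"c=" + c_attr + b",r=" + nonce])
    proof = _xor(client_key, _hmac(hashlib.sha256(client_key).digest(), auth_msg))
    # Server: the c= attribute must match the binding data on *its* TLS connection,
    # otherwise a different TLS endpoint sits between client and server.
    if base64.b64decode(c_attr) != gs2 + (server_cb or b""):
        return False, False            # server errors out; no ServerSignature is sent
    recovered = _xor(proof, _hmac(stored_key, auth_msg))
    server_accepts = hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)
    # ServerSignature needs ServerKey, derived from the password: a server that does
    # not know the password (even one that skips the proof check) cannot produce a valid one.
    server_sig = _hmac(server_key, auth_msg)
    client_accepts = hmac.compare_digest(server_sig, _hmac(_hmac(salted, b"Server Key"), auth_msg))
    return server_accepts, client_accepts

if __name__ == "__main__":
    creds = stored_credentials("correct horse")
    print(scram_exchange("alice", "correct horse", creds))                               # honest server, no binding
    print(scram_exchange("alice", "correct horse", stored_credentials("guess")))         # server without the password
    print(scram_exchange("alice", "correct horse", creds, b"real-cert", b"real-cert"))   # binding matches
    print(scram_exchange("alice", "correct horse", creds, b"mitm-cert", b"real-cert"))   # different TLS endpoint
```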