| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | * Neustradamus * <neustradamus(at)hotmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Date: | 2025-11-20 21:52:07 |
| Message-ID: | 64020c29-9da7-4a4d-b61b-53c1a3fdff49@iki.fi |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 20/11/2025 22:58, * Neustradamus * wrote:
> Dear PostgreSQL team, dear all,
>
> In 2022, I have contacted PostgreSQL team about Channel Binding:
> - https://www.postgresql.org/search/?m=1&q=tls-exporter&l=&d=-1&s=i
>
> We are in 2025, I relaunch the subject because several developers always say me: "it is not supported by PostgreSQL".
>
> Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
> - https://datatracker.ietf.org/doc/html/rfc9266
I think that would be great. Patches are welcome!
The tricky part is probably going to be to make the protocol changes in
a way that is both backwards-compatible and as secure as possible. But
I'm sure it can be done.
> Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929
>
> - XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
> - XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
> - XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
> - XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html
>
> Little details, to know easily:
> - tls-unique for TLS =< 1.2 (RFC5929)
> - tls-server-end-point =< 1.2 + 1.3 (RFC5929)
> - tls-exporter for TLS = 1.3 (RFC9266)
>
> After the jabber.ru MITM, it is time to add it:
> - https://notes.valdikss.org.ru/jabber.ru-mitm/
> - https://snikket.org/blog/on-the-jabber-ru-mitm/
> - https://www.devever.net/~hl/xmpp-incident
> - https://blog.jmp.chat/b/certwatch/certwatch
PostgreSQL does support channel binding, with tls-server-end-point. I
believe that sufficient to prevent an attack like that. (Assuming that
it's configured correctly, but that's an issue of insecure defaults
rather than a missing feature).
What are the benefits of tls-exporter over tls-server-end-point? I agree
it would be good to support tls-exporter, since RFC9266 specifies it as
mandatory for channel binding over TLS 1.3. But aside from the RFC, is
there some practical difference?
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2025-11-20 21:52:52 | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Previous Message | Nathan Bossart | 2025-11-20 21:46:42 | Re: vacuumdb: add --dry-run |