| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | * Neustradamus * <neustradamus(at)hotmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Date: | 2025-11-21 08:46:02 |
| Message-ID: | 91e27d46-97ad-4527-abc8-1cacf0b60f2e@iki.fi |
| Lists: | pgsql-hackers |

On 20/11/2025 23:59, Jacob Champion wrote:
> On Thu, Nov 20, 2025 at 1:52 PM Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>> PostgreSQL does support channel binding, with tls-server-end-point. I
>> believe that sufficient to prevent an attack like that.
>
> No, IIRC unique bindings (-unique and -exporter) prevent MITM even if
> the attacker has the server's private key, as long as they do not also
> possess the SCRAM verifiers. tls-server-end-point does not prevent
> against that (so you can terminate TLS on a different node from the
> verifiers).

If I understood the incident correctly, the attacker managed to somehow
obtain a valid TLS certificate for the victim domain. They used that to
perform a MITM attack. They did not have the server's private key. (Or
if they did, they did not use that for the attack).

That's an advantage in general though, even if it wouldn't have made a
difference in this instance. So fair point.

- Heikki
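
The two binding types discussed in this message, compared in a toy model (an added example, not part of the original thread and not PostgreSQL code). It assumes SHA-256 for the certificate hash, stands in an HMAC for the real TLS exporter, and uses constructed certificate bytes and keys; all function names are hypothetical.

```python
import hashlib, hmac, os

REAL_CERT = b"constructed bytes: the server's certificate"
OTHER_CERT = b"constructed bytes: another certificate for the same name"

def tls_server_end_point(cert):
    # RFC 5929: hash of the server certificate (SHA-256 assumed here).
    return hashlib.sha256(cert).digest()

def tls_exporter(conn_secret):
    # Toy stand-in for RFC 9266: derived from one connection's own secrets.
    return hmac.new(conn_secret, b"EXPORTER-Channel-Binding", hashlib.sha256).digest()

def cbind(kind, cert, conn_secret):
    if kind == "tls-server-end-point":
        return tls_server_end_point(cert)
    return tls_exporter(conn_secret)

def login_accepted(kind, client_leg, server_leg, password_key=b"constructed key"):
    """Each leg is (certificate seen on that TLS connection, connection secret)."""
    nonce = os.urandom(16)
    # The client binds its proof to the channel it sees.
    sent = cbind(kind, *client_leg)
    proof = hmac.new(password_key, nonce + sent, hashlib.sha256).digest()
    # A relay without the password-derived key can only forward (sent, proof).
    expected = cbind(kind, *server_leg)
    want = hmac.new(password_key, nonce + expected, hashlib.sha256).digest()
    return hmac.compare_digest(sent, expected) and hmac.compare_digest(proof, want)

def run_scenarios():
    a, b = os.urandom(32), os.urandom(32)  # two separate TLS connections
    legs = {
        "direct": ((REAL_CERT, a), (REAL_CERT, a)),
        "relay, different certificate": ((OTHER_CERT, a), (REAL_CERT, b)),
        "relay, server key and certificate": ((REAL_CERT, a), (REAL_CERT, b)),
    }
    kinds = ("tls-server-end-point", "tls-exporter")
    return {(name, k): login_accepted(k, c, s) for name, (c, s) in legs.items() for k in kinds}

if __name__ == "__main__":
    for (name, kind), ok in run_scenarios().items():
        print(f"{name:35} {kind:22} {'accepted' if ok else 'rejected'}")
```

The only row where the two bindings disagree is the relay that presents the server's own certificate: the certificate hash matches on both legs, while the per-connection value does not.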