| From: | * Neustradamus * <neustradamus(at)hotmail(dot)com> |
|---|---|
| To: | Nico Williams <nico(at)cryptonector(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "alexey(dot)melnikov(at)isode(dot)com" <alexey(dot)melnikov(at)isode(dot)com>, Simon Josefsson <simon(at)josefsson(dot)org> |
| Subject: | Re: RFC 9266: Channel Bindings for TLS 1.3 support |
| Date: | 2025-11-23 01:44:18 |
| Message-ID: | AS8PR10MB7427406BAF0090E94125EDACCBD3A@AS8PR10MB7427.EURPRD10.PROD.OUTLOOK.COM |
| Lists: | pgsql-hackers |
Hello Nico,
Thanks for your answer!
Links of XEPs are here to confirm that "tls-exporter" is needed and already used.
XEPs are already supported by a lot of projects/software/companies in production; for example, on GitHub we can see:
- https://github.com/search?q=XEP-0480+-repo%3Axsf%2Fxeps+-repo%3Axsf%2Fxep-attic+-repo%3Axsf%2Fxmpp.org&type=code
- https://github.com/search?q=XEP-0388+-repo%3Axsf%2Fxeps+-repo%3Axsf%2Fxep-attic+-repo%3Axsf%2Fxmpp.org&type=code
- https://github.com/search?q=XEP-0440+-repo%3Axsf%2Fxeps+-repo%3Axsf%2Fxep-attic+-repo%3Axsf%2Fxmpp.org&type=code
- https://github.com/search?q=XEP-0474+-repo%3Axsf%2Fxeps+-repo%3Axsf%2Fxep-attic+-repo%3Axsf%2Fxmpp.org&type=code
At the same time, about these XEPs, it is the base of the "draft-melnikov-sasl2" done by Alexey Melnikov (author of several RFCs), whom you know, of course:
- https://datatracker.ietf.org/doc/html/draft-melnikov-sasl2
- https://datatracker.ietf.org/person/Alexey%20Melnikov
Several people, like Simon Josefsson (author of several RFCs), whom you know, of course, would like to deprecate "tls-server-end-point" (RFC 5929), because RFC 9266 has existed since July 2022:
- https://mailarchive.ietf.org/arch/msg/kitten/zpesKSHsiuy1RvhPlbSUGajLbKQ/
- https://datatracker.ietf.org/person/Simon%20Josefsson
For example, he is the GNU SASL maintainer and he does not want to add tls-server-end-point support:
- https://gitlab.com/gsasl/gsasl/-/issues/13
Other talks about tls-server-end-point:
- https://mailarchive.ietf.org/arch/browse/kitten/?q=tls-server-end-point&gbt=1&index=
- https://mail.jabber.org/hyperkitty/search?count=200&q=tls-server-end-point&page=1&mlist=standards%40xmpp.org&sort=date-asc
- https://mailarchive.ietf.org/arch/browse/tls/?q=tls-server-end-point&gbt=1&index=
So it is really important to support "tls-exporter".
Regards,
Neustradamus
________________________________________
From: Nico Williams <nico(at)cryptonector(dot)com>
Sent: Friday, November 21, 2025 18:32
To: * Neustradamus *
Cc: PostgreSQL Hackers
Subject: Re: RFC 9266: Channel Bindings for TLS 1.3 support
On Thu, Nov 20, 2025 at 08:58:54PM +0000, * Neustradamus * wrote:
> - XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
> - XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
> - XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
> - XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html
Why are XEPs relevant to PG?