Re: SCRAM with channel binding downgrade attack

On Wed, Jun 27, 2018 at 7:24 PM, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
wrote:

> Going over this thread a little bit I'm confused about what is being
> proposed. I think I understand that we no longer think we have have
> SCRAM channel binding. I hope that doesn't mean we don't have SCRAM
> itself. However, in terms of the Postgres release proper, what do we
> need to do? There is still an open item about this, and I had the
> impression that if we simply demoted channel binding from a pg11 major
> feature to barely a footnote that somebody can implement it with some
> hypothetical future JDBC driver that supports the option, then we're
> done.
>
> Am I mistaken?
>

No, we absolutely still have SCRAM channel binding.

*libpq* has no way to *enforce* it, meaning it always acts like our default
SSL config which is "use it if available but if it's not then silently
accept the downgrade". From a security perspective, it's just as bad as our
default ssl config, but unlike ssl you can't configure a requirement in 11.

There is nothing preventing a third party driver like jdbc or npgsql to
implement a way to enforce it. I would generally recommend they wait for
the outcome of the discussion about parameters and names in order to
implement the same semantics, but they don't have to wait for the next
postgres release.

It doesn't affect the having of SCRAM at all. That one is still there, and
has been since 10.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>