From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: SCRAM with channel binding downgrade attack |
Date: | 2018-05-23 09:15:28 |
Message-ID: | CABUevExbPWE2F+ApDoggWj-BPEQryS-_7t0VmqvP80sn2jGUow@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-www |
On Wed, May 23, 2018 at 11:08 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
wrote:
> On 23/05/18 09:59, Magnus Hagander wrote:
>
>> With that, a connection would be allowed, if either the server's SSL
>>> certificate is verified as with "sslmode=verify-full", *or* SCRAM
>>> authentication with channel binding was used. Or perhaps cram it into
>>> sslmode, "sslmode=verify-full-or-scram-channel-binding", just with a
>>> nicer name. (We can do that after v11 though, I think.)
>>>
>>
>> sslmode=verify-full is very different from SCRAM with channel binding,
>> isn't it? As in, SCRAM with channel binding at no point proves which
>> server
>> you're talking to -- only that you are talking to the SSL endpoint? It
>> could be a rogue SSL endpoint unless you do certificate validation.
>>
>
> SCRAM, even without channel binding, does prove that you're talking to the
> correct server. Or to be precise, it proves to the client, that the server
> also knows the password, so assuming that you're using strong passwords and
> not sharing them across servers, you know that you're talking to the
> correct server.
>
Right. It provides a very different guarantee from what ssl certs provide.
They are not replaceable, or mutually exclusive. Trying to force those into
a single configuration parameter doesn't make a lot of sense IMO.
Channel binding adds the guarantee that the SSL endpoint belongs to the
> same server you're authenticating with, i.e. there is no man in the middle.
Yeah, it does protect you against things like pgbouncer (a real one or a
rogue one- the rogue one being the mitm attacker). But again, only if you
never share a password, which would be a nice world to live in :)
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | Heikki Linnakangas | 2018-05-23 09:31:40 | Subplan result caching |
Previous Message | Michael Paquier | 2018-05-23 09:10:36 | Re: SCRAM with channel binding downgrade attack |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-05-23 15:05:35 | gitweb not working too well |
Previous Message | Michael Paquier | 2018-05-23 09:10:36 | Re: SCRAM with channel binding downgrade attack |