| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>,Bruce Momjian <bruce(at)momjian(dot)us>,Magnus Hagander <magnus(at)hagander(dot)net>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>,Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: SCRAM with channel binding downgrade attack |
| Date: | 2018-05-25 15:24:07 |
| Message-ID: | D3D808E3-32BC-441C-9E0A-6DCDA508148B@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-www |
On 25 May 2018 17:44:16 EEST, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>On Wed, May 23, 2018 at 2:46 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
>wrote:
>> We could provide "tls-unique" and "tls-server-end-point" in addition
>to
>> those, but I'd consider those to be developer only settings, useful
>only for
>> testing the protocol.
>
>It seems to me that this is really another sort of thing altogether.
>Whether or not you want to insist on channel binding is a completely
>separate thing from which channel binding methods you're willing to
>use. It seems to me like the most logical thing would be to make
>these two separate connection options.
Works for me.
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2018-05-25 15:25:00 | Re: [HACKERS] Transactions involving multiple postgres foreign servers |
| Previous Message | Tom Lane | 2018-05-25 15:21:49 | Re: rule-related crash in v11 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-05-25 23:32:20 | Re: SCRAM with channel binding downgrade attack |
| Previous Message | Robert Haas | 2018-05-25 14:44:16 | Re: SCRAM with channel binding downgrade attack |