Re: Postgres 11 release notes - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Postgres 11 release notes
Date
Msg-id 20180517005649.GB2144@paquier.xyz
In response to Re: Postgres 11 release notes  (Bruce Momjian <bruce@momjian.us>)
Responses Re: Postgres 11 release notes  (Bruce Momjian <bruce@momjian.us>)
Re: Postgres 11 release notes  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
On Wed, May 16, 2018 at 08:20:49PM -0400, Bruce Momjian wrote:
> SCRAM-with-binding is the first password method that attempts to avoid
> man-in-the-middle attacks, and therefore is much less likely to be able
> to trust what the endpoints support.  I think it is really the
> channel_binding_mode that we want to control at the client.  The lesser
> modes are much more reasonable to use an automatic best-supported
> negotiation, which is what we do now.

Noted.  Which means that the parameter is ignored when using a non-SSL
connection, as well as when the server tries to enforce the use of
anything other than SCRAM.

> FYI, I think the server could also require channel binding for SCRAM. We
> already have scram-sha-256 in pg_hba.conf, and I think
> scram-sha-256-plus would be reasonable.

Noted as well.  There is of course the question of v10 libpq versions
which don't support channel binding, but if an admin is willing to set
up scram-sha-256-plus in pg_hba.conf then he can request his users to
update their drivers/libs as well.

What's the take of others?  Magnus, Stephen or Heikki perhaps (you've
been the most involved with SCRAM early talks)?
--
Michael
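Added example, not code from this thread or from libpq: a small Python model of the negotiation discussed above. The client-side mode takes the values disable/prefer/require (assumed names; they are the ones libpq later adopted for its channel_binding connection parameter), the server side is driven by a pg_hba.conf method, and "scram-sha-256-plus" is the server-side method Bruce proposes, which is assumed here and does not exist in PostgreSQL. The model shows where the client parameter is ignored (non-SSL, non-SCRAM server method), where require fails closed, what a v10-style client that cannot bind sees against a server enforcing scram-sha-256-plus, and how the RFC 5802 "y" gs2 flag lets the server detect a stripped -PLUS offer.

```python
"""Model of SCRAM channel-binding negotiation between libpq-like client and server.

Constructed illustration only: the mode names, the hypothetical
'scram-sha-256-plus' pg_hba.conf method, and the decision flow are assumptions.
"""

SCRAM = "SCRAM-SHA-256"
SCRAM_PLUS = "SCRAM-SHA-256-PLUS"


class NegotiationError(Exception):
    """Raised when the connection cannot be authenticated under the given policy."""


def server_advertises(hba_method, ssl):
    """SASL mechanisms the server offers for a pg_hba.conf method and transport.

    -PLUS needs a TLS channel to bind to, so it is only offered over SSL.
    'scram-sha-256-plus' is the hypothetical "channel binding required" method.
    Non-SCRAM methods (md5, password, trust, ...) are not SASL at all.
    """
    if hba_method == "scram-sha-256":
        return [SCRAM_PLUS, SCRAM] if ssl else [SCRAM]
    if hba_method == "scram-sha-256-plus":
        if not ssl:
            raise NegotiationError("server requires channel binding but connection is not SSL")
        return [SCRAM_PLUS]
    return []


def client_choose(mode, ssl, offered):
    """Pick a mechanism and the gs2 channel-binding flag the client would send.

    mode is 'disable', 'prefer' or 'require'.  Returns (mechanism, gs2_flag);
    (None, None) means the server asked for something other than SCRAM, in
    which case the channel-binding setting is ignored (unless it is 'require').
    """
    if not offered:
        if mode == "require":
            raise NegotiationError("server did not request SCRAM authentication")
        return None, None
    if mode == "require":
        if not ssl:
            raise NegotiationError("channel binding requires an SSL connection")
        if SCRAM_PLUS not in offered:
            raise NegotiationError("server did not offer " + SCRAM_PLUS)
        return SCRAM_PLUS, "p=tls-server-end-point"
    if mode == "prefer" and ssl and SCRAM_PLUS in offered:
        return SCRAM_PLUS, "p=tls-server-end-point"
    # Fall back to plain SCRAM (a v10-style client that cannot bind lands here).
    if SCRAM not in offered:
        raise NegotiationError("server only accepts channel-bound SCRAM")
    # RFC 5802: 'y' = client supports binding but believes the server does not;
    # 'n' = client does not support (or disabled) binding.
    flag = "y" if (mode == "prefer" and ssl) else "n"
    return SCRAM, flag


def negotiate(mode, ssl, hba_method, offered=None):
    """Run one negotiation and return the mechanism used, or None for non-SCRAM.

    `offered` overrides what reaches the client, to model a tampered offer list.
    """
    server_offer = server_advertises(hba_method, ssl)
    seen_by_client = server_offer if offered is None else offered
    mech, flag = client_choose(mode, ssl, seen_by_client)
    if mech is None:
        return None
    # Server-side downgrade detection: the client says 'y' (it could bind, but
    # saw no -PLUS) while the server did advertise -PLUS, so the offer was altered.
    if flag == "y" and SCRAM_PLUS in server_offer:
        raise NegotiationError("downgrade detected: -PLUS offer did not reach the client")
    return mech


if __name__ == "__main__":
    print(negotiate("prefer", True, "scram-sha-256"))    # SCRAM-SHA-256-PLUS
    print(negotiate("prefer", False, "scram-sha-256"))   # SCRAM-SHA-256
    print(negotiate("prefer", True, "md5"))               # None (parameter ignored)
```

The two enforcement points the thread discusses map onto `client_choose` (the client-side mode) and `server_advertises` (the pg_hba.conf method); the final check in `negotiate` is the reason the plain-SCRAM fallback still sends a "y" rather than an "n" when the client could have bound.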
