On Wed, May 23, 2018 at 11:15:28AM +0200, Magnus Hagander wrote:
> On Wed, May 23, 2018 at 11:08 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> SCRAM, even without channel binding, does prove that you're talking to the
> correct server. Or to be precise, it proves to the client, that the server
> also knows the password, so assuming that you're using strong passwords and
> not sharing them across servers, you know that you're talking to the
> correct server.
>
> Right. It provides a very different guarantee from what ssl certs provide. They
> are not replaceable, or mutually exclusive. Trying to force those into a single
> configuration parameter doesn't make a lot of sense IMO.
True. sslmode is checking the the SSL endpoint with which you have a
shared secret has access to the private key of a server certificate that
is signed by a trusted CA, and perhaps the certificate's subject name
also matches the hostname.
With channel binding, you are proving that the SSL endpoint with which
you have a shared secret has access to the user password hash.
I can imagine someone wanting both checks so merging them into a single
options seems unwise, as Magnus mentioned.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +