Home > mailing lists

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: SCRAM with channel binding downgrade attack
Date	June 27, 2018 23:24:15
Msg-id	20180627172415.y2pby7gau77274cm@alvherre.pgsql Whole thread Raw
In response to	Re: SCRAM with channel binding downgrade attack (Bruce Momjian <bruce@momjian.us>)
Responses	Re: SCRAM with channel binding downgrade attack
List	pgsql-hackers

Tree view

Going over this thread a little bit I'm confused about what is being
proposed.  I think I understand that we no longer think we have have
SCRAM channel binding.  I hope that doesn't mean we don't have SCRAM
itself.  However, in terms of the Postgres release proper, what do we
need to do?  There is still an open item about this, and I had the
impression that if we simply demoted channel binding from a pg11 major
feature to barely a footnote that somebody can implement it with some
hypothetical future JDBC driver that supports the option, then we're
done.

Am I mistaken?

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

pgsql-hackers by date:

From: Pavel Stehule
Date: 27 June 2018, 23:17:05
Subject: Re: [HACKERS] proposal: schema variables

From: Fujii Masao
Date: 28 June 2018, 00:21:51
Subject: Re: Speedup of relation deletes during recovery

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

Previous

Next