Home > mailing lists

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

From	Peter Eisentraut
Subject	Re: SCRAM with channel binding downgrade attack
Date	June 7, 2018 02:20:24
Msg-id	5586d6d1-7804-84da-a9ff-fdf6eaa7df75@2ndquadrant.com Whole thread Raw
In response to	Re: SCRAM with channel binding downgrade attack (Michael Paquier <michael@paquier.xyz>)
Responses	Re: SCRAM with channel binding downgrade attack
List	pgsql-hackers

Tree view

Aren't we attacking this on the wrong level?  We are here attempting to
prevent a SCRAM-SHA-256-PLUS -> SCRAM-SHA-256 downgrade, but we are not
preventing a SCRAM-SHA-256-PLUS -> anything-else downgrade.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

pgsql-hackers by date:

From: "David G. Johnston"
Date: 07 June 2018, 02:16:36
Subject: libpq compression

From: Andrew Gierth
Date: 07 June 2018, 02:25:14
Subject: Re: Why is fncollation in FunctionCallInfoData rather than fmgr_info?

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

Previous

Next