Home > mailing lists

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: SCRAM with channel binding downgrade attack
Date	June 28, 2018 13:33:09
Msg-id	CABUevExMo5jNw1Jvw+t2dbMYg+dBY_=5o0m=OrmpT=MOhfyn7g@mail.gmail.com Whole thread Raw
In response to	Re: SCRAM with channel binding downgrade attack (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: SCRAM with channel binding downgrade attack
List	pgsql-hackers

Tree view

On Wed, Jun 27, 2018 at 6:55 PM, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:

On 6/14/18 13:43, Magnus Hagander wrote:
> I still think that the fact that we are still discussing what is
> basically the *basic concepts* of how this would be set up after we have
> released beta1 is a clear sign that this should not go into 11.

Other than some naming and handling of some nonsensical combinations,
what is unclear?

Should there be one or more parameters? How should they interact? At which level should they be controlled? Limited to SCRAM or other channel bindings? Are the different levels of SCRAM to be considered different protocols or the same protocol with a tweak? etc.

Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/

pgsql-hackers by date:

From: Masahiko Sawada
Date: 28 June 2018, 13:20:53
Subject: Re: Changing the autovacuum launcher scheduling; oldest table first algorithm

From: Magnus Hagander
Date: 28 June 2018, 13:35:57
Subject: Re: SCRAM with channel binding downgrade attack

Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

Previous

Next