On Wed, May 23, 2018 at 11:08 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
On 23/05/18 09:59, Magnus Hagander wrote:
With that, a connection would be allowed, if either the server's SSL certificate is verified as with "sslmode=verify-full", *or* SCRAM authentication with channel binding was used. Or perhaps cram it into sslmode, "sslmode=verify-full-or-scram-channel-binding", just with a nicer name. (We can do that after v11 though, I think.)
sslmode=verify-full is very different from SCRAM with channel binding, isn't it? As in, SCRAM with channel binding at no point proves which server you're talking to -- only that you are talking to the SSL endpoint? It could be a rogue SSL endpoint unless you do certificate validation.
SCRAM, even without channel binding, does prove that you're talking to the correct server. Or to be precise, it proves to the client, that the server also knows the password, so assuming that you're using strong passwords and not sharing them across servers, you know that you're talking to the correct server.
Right. It provides a very different guarantee from what ssl certs provide. They are not replaceable, or mutually exclusive. Trying to force those into a single configuration parameter doesn't make a lot of sense IMO.
Channel binding adds the guarantee that the SSL endpoint belongs to the same server you're authenticating with, i.e. there is no man in the middle.
Yeah, it does protect you against things like pgbouncer (a real one or a rogue one- the rogue one being the mitm attacker). But again, only if you never share a password, which would be a nice world to live in :)