Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

From Heikki Linnakangas
Subject Re: SCRAM with channel binding downgrade attack
Date
Msg-id D3D808E3-32BC-441C-9E0A-6DCDA508148B@iki.fi
In response to Re: SCRAM with channel binding downgrade attack  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: SCRAM with channel binding downgrade attack  (Michael Paquier <michael@paquier.xyz>)
List pgsql-hackers

On 25 May 2018 17:44:16 EEST, Robert Haas <robertmhaas@gmail.com> wrote:
>On Wed, May 23, 2018 at 2:46 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>> We could provide "tls-unique" and "tls-server-end-point" in addition to
>> those, but I'd consider those to be developer only settings, useful only for
>> testing the protocol.
>
>It seems to me that this is really another sort of thing altogether.
>Whether or not you want to insist on channel binding is a completely
>separate thing from which channel binding methods you're willing to
>use.  It seems to me like the most logical thing would be to make
>these two separate connection options.

Works for me.

- Heikki
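
Added example, not part of the original message and not libpq code: a client-side sketch of the two separate options discussed above, one saying whether channel binding is mandatory and one listing the binding methods the client will use. The names `Policy`, `require_binding`, `binding_types` and `choose` are hypothetical; the mechanism names and gs2 flags follow RFC 5802 and RFC 7677.

```python
from dataclasses import dataclass

PLAIN = "SCRAM-SHA-256"
PLUS = "SCRAM-SHA-256-PLUS"  # channel-binding variant of the mechanism


class DowngradeRefused(Exception):
    """Policy demands channel binding but it cannot be negotiated."""


@dataclass(frozen=True)
class Policy:
    # Option 1 (hypothetical name): insist on channel binding or not.
    require_binding: bool
    # Option 2 (hypothetical name): acceptable methods, in preference order.
    binding_types: tuple = ("tls-unique", "tls-server-end-point")


def choose(policy, server_mechs, tls_types):
    """Return (mechanism, gs2_cbind_flag) or raise.

    server_mechs: names from the server's SASL mechanism list. The list is
                  not authenticated yet, so it may have been altered in transit.
    tls_types:    binding types the local TLS stack can compute for this
                  connection (empty when TLS is not in use).
    """
    usable = [t for t in policy.binding_types if t in tls_types]
    if PLUS in server_mechs and usable:
        return PLUS, "p=" + usable[0]
    if policy.require_binding:
        # Failing here is what closes the downgrade: never fall back silently.
        raise DowngradeRefused("server did not offer a usable " + PLUS)
    if PLAIN not in server_mechs:
        raise ValueError("no common SCRAM mechanism")
    # "y": client could bind but saw no -PLUS offer, so a server that did
    # offer it can detect the stripped list. "n": client cannot bind at all.
    return PLAIN, ("y" if usable else "n")


if __name__ == "__main__":
    tls = {"tls-unique", "tls-server-end-point"}   # constructed sample input
    print(choose(Policy(False), [PLAIN, PLUS], tls))
    print(choose(Policy(False), [PLAIN], tls))
```

With `require_binding` set, the binding-method list only narrows which `p=` value is sent; it never relaxes the requirement.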

