Re: SCRAM with channel binding downgrade attack - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: SCRAM with channel binding downgrade attack
Date
Msg-id ccc205da-15ec-0fb2-54dd-a57592bf364b@2ndquadrant.com
In response to Re: SCRAM with channel binding downgrade attack  (Michael Paquier <michael@paquier.xyz>)
Responses Re: SCRAM with channel binding downgrade attack
List pgsql-hackers
On 6/6/18 18:04, Michael Paquier wrote:
> On Wed, Jun 06, 2018 at 11:53:06PM +0300, Heikki Linnakangas wrote:
>> That would certainly be good. We've always had that problem, even with md5
>> -> plaintext password downgrade, and it would be nice to fix it. It's quite
>> late in the release cycle already, do you think we should address that now?
>> I could go either way..
> 
> I would be inclined to treat that as new development as this is no new
> problem.

I agree.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

