Re: Letting the client choose the protocol to use during a SASL exchange
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Álvaro Hernández Tortosa <aht@8kdata.com>, Michael Paquier <michael.paquier@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Simon Riggs <simon@2ndquadrant.com>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-04-11T11:21:47Z
Lists: pgsql-hackers
On 04/11/2017 01:39 PM, Álvaro Hernández Tortosa wrote: > The fact that you null terminate them (fine with me) doesn't change > my reasoning. How do you separate multiple channel binding methods? And > do you realize that you will be repeating the channel binding methods > without reason? A contrived but legal, possible example: > > Field1: > SCRAM-SHA-256\0 > SCRAM-SHA-512\0 > SCRAM-SHA-999\0 > SCRAM-SHA-256-PLUS tls-unique tls-awesome yet-another-tls\0 > SCRAM-SHA-512-PLUS tls-unique tls-awesome yet-another-tls\0 > SCRAM-SHA-999-PLUS tls-unique tls-awesome yet-another-tls\0 I was actually thinking of: SCRAM-SHA-256\0 SCRAM-SHA-512\0 SCRAM-SHA-999\0 SCRAM-SHA-256-PLUS\0 SCRAM-SHA-256-PLUS tls-awesome\0 SCRAM-SHA-256-PLUS yet-another-tls\0 SCRAM-SHA-512-PLUS\0 SCRAM-SHA-512-PLUS tls-awesome\0 SCRAM-SHA-512-PLUS yet-another-tls\0 SCRAM-SHA-999-PLUS\0 SCRAM-SHA-999-PLUS tls-awesome\0 SCRAM-SHA-999-PLUS yet-another-tls\0 In practice, I don't foresee us having this many options, so the verbosity won't be an issue. Parsing this is very straightforward. >>> vs >>> >>> Field 1: >>> SCRAM-SHA-256,SCRAM-SHA-256-PLUS,SCRAM-SHA-1-PLUS,SCRAM-SHA-512-PLUS >>> (simple CSV) >>> Field 2: tls-unique (String) >> >> What if tls-unique is only supported with SCRAM-SHA-256-PLUS, while >> SCRAM-SHA-512-PLUS requires tls-awesome? > > It can't happen. The RFC clearly states that they are orthogonal. > It is left to the implementations support one or the other, but no > reason to limit applicability of a given binding method to a given SCRAM > mechanisms (or viceversa). Well, if tls-unique is found to be insecure, a future SCRAM-SHA-512-PLUS spec might well define that the default for that mechanism is tls-unique-new-and-secure rather than tls-unique. Maybe even forbid using tls-unique altogether. I don't think that's likely, but this is all about future-proofing, so I'd rather keep it flexible. - Heikki
Commits
-
Improve the SASL authentication protocol.
- 4f3b87ab780b 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 landed
-
Minor cleanup of backend SCRAM code.
- 00707fa58275 10.0 landed