Re: SCRAM with channel binding downgrade attack
Magnus Hagander <magnus@hagander.net>
On Wed, May 23, 2018 at 11:08 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > On 23/05/18 09:59, Magnus Hagander wrote: > >> With that, a connection would be allowed, if either the server's SSL >>> certificate is verified as with "sslmode=verify-full", *or* SCRAM >>> authentication with channel binding was used. Or perhaps cram it into >>> sslmode, "sslmode=verify-full-or-scram-channel-binding", just with a >>> nicer name. (We can do that after v11 though, I think.) >>> >> >> sslmode=verify-full is very different from SCRAM with channel binding, >> isn't it? As in, SCRAM with channel binding at no point proves which >> server >> you're talking to -- only that you are talking to the SSL endpoint? It >> could be a rogue SSL endpoint unless you do certificate validation. >> > > SCRAM, even without channel binding, does prove that you're talking to the > correct server. Or to be precise, it proves to the client, that the server > also knows the password, so assuming that you're using strong passwords and > not sharing them across servers, you know that you're talking to the > correct server. > Right. It provides a very different guarantee from what ssl certs provide. They are not replaceable, or mutually exclusive. Trying to force those into a single configuration parameter doesn't make a lot of sense IMO. Channel binding adds the guarantee that the SSL endpoint belongs to the > same server you're authenticating with, i.e. there is no man in the middle. Yeah, it does protect you against things like pgbouncer (a real one or a rogue one- the rogue one being the mitm attacker). But again, only if you never share a password, which would be a nice world to live in :) -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
Commits
-
doc: update PG 11 release notes
- 6eb612fea9d0 12.0 cited
-
Fix misspelled pg_trgm contrib name in PostgreSQL 11 release notes
- 3abc5a67edfd 12.0 landed
-
Doc: clarify release note text about v11's new window function features.
- 510421c45fb4 11.0 landed
- 11a3aeeb5e17 12.0 landed
-
Improve wording of release notes item
- bee6a683a5c3 11.0 landed
-
Fix typos in release notes
- fb6accd27b99 11.0 landed
-
Doc: preliminary list of PG11 major features.
- 4aad161c9a6d 11.0 landed
-
Make numeric power() handle NaNs according to the modern POSIX spec.
- d1fc750b5199 11.0 landed
-
Various improvements of skipping index scan during vacuum technics
- 8e12f4a250d2 11.0 cited
-
Revert back-branch changes in power()'s behavior for NaN inputs.
- f74d83b3034f 10.4 cited
-
Avoid wrong results for power() with NaN input on more platforms.
- 6bdf1303b34b 11.0 cited
-
Avoid wrong results for power() with NaN input on some platforms.
- 61b200e2f582 11.0 cited
-
Skip full index scan during cleanup of B-tree indexes when possible
- 857f9c36cda5 11.0 cited
-
Rewrite the code that applies scan/join targets to paths.
- 11cf92f6e2e1 11.0 cited
-
Postpone generate_gather_paths for topmost scan/join rel.
- 3f90ec8597c3 11.0 cited
-
Add casts from jsonb
- c0cbe00fee6d 11.0 cited
-
Make plpgsql use its DTYPE_REC code paths for composite-type variables.
- 4b93f57999a2 11.0 cited
-
Don't allow VACUUM VERBOSE ANALYZE VERBOSE.
- 921059bd66c7 11.0 cited
-
Pass InitPlan values to workers via Gather (Merge).
- e89a71fb449a 11.0 cited
-
Account for the effect of lossy pages when costing bitmap scans.
- 5edc63bda68a 11.0 cited
-
Allow no-op GiST support functions to be omitted.
- d3a4f89d8a3e 11.0 cited
-
Rearm statement_timeout after each executed query.
- f8e5f156b30e 11.0 cited
-
Push limit through subqueries to underlying sort, where possible.
- 1f6d515a67ec 11.0 cited