Re: Channel binding for post-quantum cryptography

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Michael Paquier <michael@paquier.xyz>, Filip Janus <fjanus@redhat.com>, Pgsql Hackers <pgsql-hackers@postgresql.org>, Heikki Linnakangas <hlinnaka@iki.fi>, Daniel Gustafsson <daniel@yesql.se>
Date: 2025-10-28T17:34:27Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates

On Tue, Oct 28, 2025 at 9:46 AM Nico Williams <nico@cryptonector.com> wrote:
> RFC 5929 co-author here.  We should take this to the IETF TLS WG mailing
> list and update RFC 5929 and the tls-server-end-point registraion to fix
> this.
>
> Options in the case that the certificate's signature algorithm does not
> have a digest associated with it include:

Ah. (Filip, disregard my earlier question about the draft RFC and
sigalgs; I think I understand now. I didn't look closely enough at the
patch before sending.)

> Maybe there are more options still.  But we're not likely to solve this
> problem here.  This really belongs on the IETF TLS WG mailing list.

+1. (Any immediate takers on the committer side?)

--Jacob