Re: RFC 9266: Channel Bindings for TLS 1.3 support

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: "* Neustradamus *" <neustradamus@hotmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-20T21:59:22Z
Lists: pgsql-hackers
On Thu, Nov 20, 2025 at 1:52 PM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> PostgreSQL does support channel binding, with tls-server-end-point. I
> believe that sufficient to prevent an attack like that.

No, IIRC unique bindings (-unique and -exporter) prevent MITM even if
the attacker has the server's private key, as long as they do not also
possess the SCRAM verifiers. tls-server-end-point does not prevent
against that (so you can terminate TLS on a different node from the
verifiers).

--Jacob