Re: RFC 9266: Channel Bindings for TLS 1.3 support

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: "* Neustradamus *" <neustradamus@hotmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-21T16:18:41Z
Lists: pgsql-hackers
On Fri, Nov 21, 2025 at 12:46 AM Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> If I understood the incident correctly, the attacker managed to somehow
> obtain a valid TLS certificate for the victim domain. They used that to
> perform a MITM attack. They did not have the server's private key. (Or
> if they did, they did not use that for the attack).

Oh! Thank you for pointing that out. Yeah, having the private key for
*a* host certificate shouldn't help you if it doesn't have the same
public fingerprint as the one in use at the peer. (I'm not sure I
really internalized that distinction before.)

--Jacob