On Wed, May 16, 2018 at 08:20:49PM -0400, Bruce Momjian wrote:
> SCRAM-with-binding is the first password method that attempts to avoid
> man-in-the-middle attacks, and therefore is much less likely to be able
> to trust what the endpoints support. I think it is really the
> channel_binding_mode that we want to control at the client. The lesser
> modes are much more reasonable to use an automatic best-supported
> negotiation, which is what we do now.

Noted. Which means that the parameter is ignored when using a non-SSL
connection, as well as when the server tries to enforce the use of
anything else than SCRAM.

> FYI, I think the server could also require channel binding for SCRAM. We
> already have scram-sha-256 in pg_hba.conf, and I think
> scram-sha-256-plus would be reasonable.

Noted as well. There is of course the question of v10 libpq versions
which don't support channel binding, but if an admin is willing to set up
scram-sha-256-plus in pg_hba.conf then he can request his users to update
their drivers/libs as well.

What's the take of others? Magnus, Stephen or Heikki perhaps (you've been
the most involved with SCRAM early talks)?
--
Michael
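As an added example, not code from this thread or from PostgreSQL: a small Python model of the client-side choice discussed above, showing why a "best supported" negotiation can be downgraded by a man-in-the-middle while a client-enforced mode fails closed. The mode values "disable"/"prefer"/"require" and the function names are assumptions; the gs2-cbind-flag values ('n', 'y', 'p=...') and the server-side check come from RFC 5802.

```python
"""Client-side SASL mechanism choice for SCRAM with channel binding.

The mechanism list a server advertises arrives before any authentication,
so a man-in-the-middle can strip SCRAM-SHA-256-PLUS from it. Under an
automatic best-supported negotiation the client silently falls back; only
a client that enforces binding fails closed. The flag returned here is the
RFC 5802 gs2-cbind-flag sent at the start of the client-first-message.
"""

SCRAM = "SCRAM-SHA-256"
SCRAM_PLUS = "SCRAM-SHA-256-PLUS"
CB_TYPE = "tls-server-end-point"   # channel binding type PostgreSQL uses


class ChannelBindingError(Exception):
    """Raised when the requested channel-binding policy cannot be met."""


def choose_mechanism(advertised, mode, ssl_in_use):
    """Pick a SASL mechanism and the gs2 flag the client will send.

    mode is "disable", "prefer" or "require" (hypothetical values for the
    client-side channel_binding_mode setting from the thread).
    Returns (mechanism, gs2_cbind_flag) or raises ChannelBindingError.
    """
    if mode not in ("disable", "prefer", "require"):
        raise ValueError(f"unknown channel binding mode {mode!r}")
    can_bind = ssl_in_use and mode != "disable"

    if mode == "require":
        if not ssl_in_use:
            raise ChannelBindingError("channel binding needs an SSL connection")
        if SCRAM_PLUS not in advertised:
            # Fail closed: a missing -PLUS may be a stripped mechanism list.
            raise ChannelBindingError("server did not offer " + SCRAM_PLUS)
        return SCRAM_PLUS, "p=" + CB_TYPE

    if can_bind and SCRAM_PLUS in advertised:
        return SCRAM_PLUS, "p=" + CB_TYPE
    if SCRAM in advertised:
        # "prefer" degrades silently. 'y' at least tells an honest server
        # that does offer -PLUS that the client never saw it; 'n' is what a
        # client unable to bind (e.g. a v10 libpq) sends, and cannot be told
        # apart from a downgraded one.
        return SCRAM, ("y" if can_bind else "n")
    raise ChannelBindingError("no supported SCRAM mechanism offered")


def server_accepts_gs2_flag(server_offers_plus, gs2_flag):
    """Honest server's check on the client's flag (RFC 5802 section 6).

    A 'y' from the client while this server offers -PLUS means the
    mechanism list was altered in transit, so the exchange is rejected.
    """
    return not (gs2_flag == "y" and server_offers_plus)
```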