On Fri, Feb 15, 2019 at 04:17:07PM -0500, Bruce Momjian wrote: > We removed channel binding from PG 11 in August of 2018 because we were > concerned about downgrade attacks. Are there any plans to enable it for > PG 12?
The original implementation of channel binding for SCRAM has included support for two channel binding types: tls-unique and tls-server-end-point. The original implementation also had a connection parameter called scram_channel_binding to control the channel binding type to use or to disable it. What has been removed via 7729113 are tls-unique and the libpq parameter, and we still have basic channel binding support. The reasons behind that is that tls-unique future is uncertain as of TLS 1.3, and that tls-server-end-point will still be supported. This also simplified the protocol as it is not necessary to let the client decide which channel binding to use. Downgrade attacks at protocol level are something different though, as it is possible to trick libpq to lower down the initial level of authentication wanted (say from SCRAM to MD5, or even worse from MD5 to trust). What we need here is additional frontend facility to allow a client to authorize only a subset of authentication protocols. With what's is v11 and HEAD, any driver speaking the Postgres protocol can implement that. -- Michael
signature.asc
Description: PGP signature
