On 8/11/19 3:56 PM, Peter Eisentraut wrote:
> On 2019-08-11 21:46, Jonathan S. Katz wrote:
>> On 8/11/19 1:00 PM, Peter Eisentraut wrote:
>>> On 2019-08-09 23:56, Jeff Davis wrote:
>>>> 1. Hierarchical semantics, where you specify the least-secure
>>>> acceptable method:
>>>>
>>>> password_protocol = {any,md5,scram-sha-256,scram-sha-256-plus}
>>>
>>> What would the hierarchy be if scram-sha-512 and scram-sha-512-plus are
>>> added?
>>
>> password_protocol =
>> {any,md5,scram-sha-256,scram-sha-512,scram-sha-256-plus,scram-sha-512-plus}?
>>
>> I'd put one length of digest over another, but I'd still rank a method
>> that uses channel binding has more protections than one that does not.
>
> Sure, but the opposite opinion is also possible.That's true, and when originally started composing my note I had it as (256,512,256-plus,512-plus). But upon further reflection, the reason I ranked the digest-plus methods above the digest methods is that there is any additional requirement imposed by them. The digest methods could be invoked either with/without TLS, whereas the digest-plus methods *must* use TLS. As such, 256-plus is explicitly asking for an additional security parameter over 512, i.e. transmission over TLS, so even if it's a smaller digest, it has the additional channel binding requirement. Jonathan
signature.asc
Description: OpenPGP digital signature
