On Fri, Apr 7, 2017 at 6:32 PM, Michael Paquier <michael.paqu...@gmail.com> wrote: > On Sat, Apr 8, 2017 at 1:59 AM, Robert Haas <robertmh...@gmail.com> wrote: >> On Fri, Apr 7, 2017 at 3:59 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: >>> I think the "SCRAM" part is more important than "SHA-256", so -1 on that. >> >> I agree. The point here isn't that we're using a better hashing >> method, even if a lot of people *think* that's the point. The point >> is we're using a modern algorithm that has nice properties like "you >> can't impersonate the client by steeling the verifier, or even by >> snooping the exchange". >> >> But "sasl" might be even better. > > FWIW, my opinion has not changed much on the matter, I would still > favor "sasl" as the keyword used in pg_hba.conf. What has changed in > my mind though is that defining no mechanisms with an additional > option mean that all possible choices are sent to the client. But if > you define a list of mechanisms, then we'll just send back to the > client the specified list as a possible choice of exchange mechanism: > host all all blah.com sasl mechanism=scram-sha-256-plus > Here for example the user would not be allowed to use SCRAM-SHA-256, > just SCRAM with channel binding. > > Such an option makes sense once we add support for one more mechanism > in SASL, like channel binding, but that's by far a generic approach > that can serve us for years to come, and by admitting that nothing > listed means all possible options we don't need any immediate action.
Yes, that all seems quite sensible. What exactly is the counter-argument? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
