On Tue, 2021-11-23 at 18:27 +0000, Jacob Champion wrote:
> Now that the MITM CVEs are published [1], I wanted to share my wishlist
> of things that would have made those attacks difficult/impossible to
> pull off.

Now that we're post-commitfest, here's my summary of the responses so
far:

> = Client-Side Auth Selection =

There is interest in letting libpq reject certain auth methods coming
back from the server, perhaps using a simple connection option, and
there are some prior conversations on the list to look into.

> = Implicit TLS =

Reactions to implicit TLS were mixed, from "we should not do this" to
"it might be nice to have the option, from a technical standpoint".
Both a separate-port model and a shared-port model were tentatively
proposed. The general consensus seems to be that the StartTLS-style
flow is currently sufficient from a security standpoint.

I didn't see any responses that were outright in favor, so I think my
remaining question is: are there any committers who think a prototype
would be worth the time for a motivated implementer?

Thanks for the discussion!

--Jacob