On Sun, May 13, 2018 at 03:43:08PM +0900, Michael Paquier wrote: > On Fri, May 11, 2018 at 11:08:52AM -0400, Bruce Momjian wrote: > > I have committed the first draft of the Postgres 11 release notes. I > > will add more markup soon. You can view the most current version > > here: > > Thanks for gathering all the commits in one piece, Bruce. > > > I expect a torrent of feedback. ;-) > > I looked at the entries where my name shows up. Here is some feedback > with HEAD at 8c6227a2 (latest as of writing this message). > > <para> > Add information_schema columns related to table constraints and > triggers (Michael Paquier) > </para> > The author of this entry is Peter Eisentraut, not me.
Thanks, I got "Reviewed-by" and "Author" mixed up. > <para> > Channel binding requires the server end > of the <acronym>TLS</acronym> connection to > prove that it knows the password. The options are <link > > linkend="libpq-scram-channel-binding"><option>scram_channel_binding=tls-unique</option></link> > and <option>scram_channel_binding=tls-server-end-point</option>. > </para> > This is not actually correct. Channel binding is an MITM prevention > mechanism which makes sure that after the SSL handshake the backend and > the frontend are still connected to the same things. "tls-unique" makes > sure that a connection is uniquely used using a hash of the TLS finish > message, and end-point makes sure that the endpoints are the same using > a hash of the server certificate. So, channel binding has had me confused since I first heard about it. I have done some research and reworded the commit with the attached first patch. Also, I have created a second patch which actually explains the two SCRAM channel binding options and how the work. One question I do have is how do we prevent a fake server in the middle from pretending it is a PG 10 server and therefore avoiding channel binding protections? I don't see any channel binding options in pg_hba.conf, and while libpq has options, they are explained with "This parameter is mainly intended for protocol testing." > <para> > WHAT DOES THIS DOC TEXT MEAN? "An empty value specifies that > the client will not use channel binding. The default value > is tls-unique." > </para> > This means that the client can choose to not use channel binding (which > sends a 'n' flag if you refer to the communication protocol of SCRAM), > even if the server has advertised to the client channel binding. So > this provides a way to disable the feature at will, an on/off switch if > you want. If a v10 libpq tries to connect to a v11 server, then it > won't use channel binding automatically. That may be worth adding to > the documentation as well. I have updated the docs in the second patch to explain this. > <para> > Allow access to file system functions to be controlled by > <command>GRANT</command>/<command>REVOKE</command> permissions, > rather than super-user checks (Michael Paquier) > </para> > Author is Stephen Frost here. Done. > <para> > Use <command>GRANT</command>/<command>REVOKE</command> > to control access to <link > linkend="lo-import"><function>lo_import()</function></link> > and <function>lo_export()</function> (Michael Paquier) > </para> > Tom Lane is a co-author here I think. Done. > <para> > Add libpq parameter to allow physical and logical replication > connections (Michael Paquier) > </para> > This commit has just added documentation which was missing and > incomplete. I would suggest to remove it from the release notes as no > new feature has been added. Removed. > <para> > Add <link > linkend="app-pgreceivewal"><application>pg_receivewal</application></link> > option <option>--no-sync</option> to prevent synchronous > <acronym>WAL</acronym> writes (Michael Paquier) > </para> > Perhaps this should be rewritten? --no-sync just disables any fsync > calls for WAL segments, which is useful for tests, not recommended for > production environments. Done. > <para> > Prevent <application>pg_rewind</application> from running as > <literal>root</literal> (Magnus Hagander) > </para> > This one's authorship is actually mine, after a bug I found :) Done, thanks much. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
diff --git a/doc/src/sgml/release-11.sgml b/doc/src/sgml/release-11.sgml new file mode 100644 index 6bde17e..763a154 *** a/doc/src/sgml/release-11.sgml --- b/doc/src/sgml/release-11.sgml *************** same commits as above *** 1057,1063 **** <para> Add information_schema columns related to table constraints and ! triggers (Michael Paquier) </para> <para> --- 1057,1063 ---- <para> Add information_schema columns related to table constraints and ! triggers (Peter Eisentraut) </para> <para> *************** same commits as above *** 1091,1111 **** <para> Add libpq option to support channel binding when using <link linkend="auth-password"><acronym>SCRAM</acronym></link> ! authentication (Michael Paquier) </para> <para> ! Channel binding requires the server end ! of the <acronym>TLS</acronym> connection to ! prove that it knows the password. The options are <link linkend="libpq-scram-channel-binding"><option>scram_channel_binding=tls-unique</option></link> and <option>scram_channel_binding=tls-server-end-point</option>. </para> - - <para> - WHAT DOES THIS DOC TEXT MEAN? "An empty value specifies that - the client will not use channel binding. The default value - is tls-unique." </para> </listitem> --- 1091,1107 ---- <para> Add libpq option to support channel binding when using <link linkend="auth-password"><acronym>SCRAM</acronym></link> ! authentication (Peter Eisentraut) </para> <para> ! While <acronym>SCRAM</acronym> always prevents the ! replay of transmitted hashed passwords in a later ! session, <acronym>SCRAM</acronym> with channel binding ! also prevents man-in-the-middle attacks. The options are <link linkend="libpq-scram-channel-binding"><option>scram_channel_binding=tls-unique</option></link> and <option>scram_channel_binding=tls-server-end-point</option>. </para> </para> </listitem> *************** same commits as above *** 1196,1202 **** <para> Allow access to file system functions to be controlled by <command>GRANT</command>/<command>REVOKE</command> permissions, ! rather than super-user checks (Michael Paquier) </para> <para> --- 1192,1198 ---- <para> Allow access to file system functions to be controlled by <command>GRANT</command>/<command>REVOKE</command> permissions, ! rather than super-user checks (Stephen Frost) </para> <para> *************** same commits as above *** 1218,1224 **** Use <command>GRANT</command>/<command>REVOKE</command> to control access to <link linkend="lo-import"><function>lo_import()</function></link> ! and <function>lo_export()</function> (Michael Paquier) </para> <para> --- 1214,1220 ---- Use <command>GRANT</command>/<command>REVOKE</command> to control access to <link linkend="lo-import"><function>lo_import()</function></link> ! and <function>lo_export()</function> (Michael Paquier, Tom Lane) </para> <para> *************** same commits as above *** 1881,1902 **** <listitem> <!-- - 2018-03-06 [0c2c81b40] doc: Add replication parameter to libpq documentation - --> - - <para> - Add libpq parameter to allow physical and logical replication - connections (Michael Paquier) - </para> - - <para> - The libpq connection parameter is called <link - linkend="libpq-connect-replication"><option>replication</option></link>. - </para> - </listitem> - - <listitem> - <!-- 2018-03-17 [e3bdb2d92] Set libpq sslcompression to off by default --> --- 1877,1882 ---- *************** same commits as above *** 2330,2336 **** Add <link linkend="app-pgreceivewal"><application>pg_receivewal</application></link> option <option>--no-sync</option> to prevent synchronous ! <acronym>WAL</acronym> writes (Michael Paquier) </para> </listitem> --- 2310,2316 ---- Add <link linkend="app-pgreceivewal"><application>pg_receivewal</application></link> option <option>--no-sync</option> to prevent synchronous ! <acronym>WAL</acronym> writes, for testing (Michael Paquier) </para> </listitem> *************** same commits as above *** 2382,2388 **** <para> Prevent <application>pg_rewind</application> from running as ! <literal>root</literal> (Magnus Hagander) </para> </listitem> --- 2362,2368 ---- <para> Prevent <application>pg_rewind</application> from running as ! <literal>root</literal> (Michael Paquier) </para> </listitem>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml new file mode 100644 index 800e68a..498b8df *** a/doc/src/sgml/libpq.sgml --- b/doc/src/sgml/libpq.sgml *************** postgresql://%2Fvar%2Flib%2Fpostgresql/d *** 1242,1255 **** <term><literal>scram_channel_binding</literal></term> <listitem> <para> ! Specifies the channel binding type to use with SCRAM authentication. ! The list of channel binding types supported by server are listed in ! <xref linkend="sasl-authentication"/>. An empty value specifies that ! the client will not use channel binding. The default value is ! <literal>tls-unique</literal>. </para> <para> Channel binding is only supported on SSL connections. If the connection is not using SSL, then this setting is ignored. </para> --- 1242,1259 ---- <term><literal>scram_channel_binding</literal></term> <listitem> <para> ! Specifies the channel binding type to use with SCRAM ! authentication. While <acronym>SCRAM</acronym> alone prevents ! the replay of transmitted hashed passwords, channel binding also ! prevents man-in-the-middle attacks. </para> <para> + The list of channel binding types supported by the server are + listed in <xref linkend="sasl-authentication"/>. An empty value + specifies that the client will not use channel binding. If this + parameter is not specified, <literal>tls-unique</literal> is used, + if supported by both server and client. Channel binding is only supported on SSL connections. If the connection is not using SSL, then this setting is ignored. </para> diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml new file mode 100644 index 004b360..cfc805f *** a/doc/src/sgml/protocol.sgml --- b/doc/src/sgml/protocol.sgml *************** should use <literal>tls-unique</literal> *** 1584,1589 **** --- 1584,1616 ---- that cannot support <literal>tls-unique</literal> for some reason. </para> + <para> + In <acronym>SCRAM</acronym> without channel binding, the server chooses + a random number that is transmitted to the client to be mixed with the + user-supplied password in the transmitted password hash. While this + prevents the password hash from being successfully retransmitted in + a later session, it does not prevent a fake server between the real + server and client from passing through the server's random value + and successfully authenticating. + </para> + + <para> + <acronym>SCRAM</acronym> with channel binding prevents such + man-in-the-middle attacks by mixing a value into the transmitted + password hash that cannot be retransmitted by a fake server. + In <acronym>SCRAM</acronym> with <literal>tls-unique</literal> + channel binding, the shared secret negotiated during the SSL session + is mixed into the user-supplied password hash. The shared secret + is partly chosen by the server, but not directly transmitted, making + it impossible for a fake server to create an SSL connection with the + client that has the same shared secret it has with the real server. + <acronym>SCRAM</acronym> with <literal>tls-server-end-point</literal> + mixes a hash of the server's certificate into the user-supplied password + hash. While a fake server can retransmit the real server's certificate, + it doesn't have access to the private key matching that certificate, and + therefore cannot prove it is the owner, causing SSL connection failure. + </para> + <procedure> <title>Example</title> <step id="scram-begin">