On Wed, May 23, 2018 at 11:08 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> On 23/05/18 09:59, Magnus Hagander wrote: > >> With that, a connection would be allowed, if either the server's SSL >>> certificate is verified as with "sslmode=verify-full", *or* SCRAM >>> authentication with channel binding was used. Or perhaps cram it into >>> sslmode, "sslmode=verify-full-or-scram-channel-binding", just with a >>> nicer name. (We can do that after v11 though, I think.) >>> >> >> sslmode=verify-full is very different from SCRAM with channel binding, >> isn't it? As in, SCRAM with channel binding at no point proves which >> server >> you're talking to -- only that you are talking to the SSL endpoint? It >> could be a rogue SSL endpoint unless you do certificate validation. >> > > SCRAM, even without channel binding, does prove that you're talking to the > correct server. Or to be precise, it proves to the client, that the server > also knows the password, so assuming that you're using strong passwords and > not sharing them across servers, you know that you're talking to the > correct server. > Right. It provides a very different guarantee from what ssl certs provide. They are not replaceable, or mutually exclusive. Trying to force those into a single configuration parameter doesn't make a lot of sense IMO. Channel binding adds the guarantee that the SSL endpoint belongs to the > same server you're authenticating with, i.e. there is no man in the middle. Yeah, it does protect you against things like pgbouncer (a real one or a rogue one- the rogue one being the mitm attacker). But again, only if you never share a password, which would be a nice world to live in :) -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>