On Fri, 2019-08-09 at 09:28 -0400, Stephen Frost wrote: > Having an 'any' option, as mentioned before, could be an alternative > though.
... > I agree with the point that there isn't any guarantee that it'll > always > be clear-cut as to which of two methods is "better". > > From a user perspective, it seems like the main things are "don't > send > my password in the clear to the server", and "require channel binding > to > prove there isn't a MITM". I have to admit that I like the idea of > requiring scram to be used and not allowing md5 though. So it seems like we are leaning toward: password_protocol = any | {plaintext,md5,scram-sha-256,scram-sha- 256-plus}[,...] Or maybe: channel_binding = {disable|prefer|require} password_plaintext = {disable|enable} password_md5 = {disable|enable} That seems reasonable. It's three options, but no normal use case would need to set more than two, because channel binding forces scram-sha- 256-plus. Regards, Jeff Davis