On 9/12/17 19:03, Michael Paquier wrote:
> Once channel binding is involved though.. This needs to be extended
> and this needs careful thoughts:
> * "scram-sha-256" means that the version without channel binding is
> accepted. "!scram-sha-256" means that scram without channel binding is
> refused.
> * "scram-sha-256-plus" means that all channel bindings are accepted.
> "!scram-sha-256-plus" means that no channel binding are accepted.
> After that there is some filtering per channel binding name. Do we
> want a separate parameter or just filter with longer names like
> "scram-sha-256-plus-tls-unique" and
> "scram-sha-256-plus-tls-server-end-point"? The last one gets
> particularly long, this does not help users with typos :)

Second thoughts, to make things simpler.  All we need for channel
binding is a connection flag that says "I require channel binding".  It
could be modeled after the sslmode parameter, e.g., cbind=disable (maybe
for debugging), cbind=prefer (default), cbind=require.  If you specify
"require", then libpq would refuse to proceed unless scram-sha2-256-plus
(or future similar mechanisms) was offered for authentication.

We don't even need a parameter that specifies which channel binding type
to use.  If libpq implements tls-unique, it should always use that.  We
might need a flag for testing other types, but that should not be an
in-the-user's-face option.

Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to