From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Bruce Momjian <bruce(at)momjian(dot)us> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Postgres 11 release notes |
Date: | 2018-05-14 23:10:20 |
Message-ID: | 20180514231020.GB1600@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-www |
On Mon, May 14, 2018 at 04:04:58PM -0400, Bruce Momjian wrote:
> So, channel binding has had me confused since I first heard about it. I
> have done some research and reworded the commit with the attached
> first patch.
pg11.diff looks roughly fine to me.
> Also, I have created a second patch which actually explains the two
> SCRAM channel binding options and how the work.
+ The list of channel binding types supported by the server are
+ listed in <xref linkend="sasl-authentication"/>. An empty value
+ specifies that the client will not use channel binding. If this
+ parameter is not specified, <literal>tls-unique</literal> is used,
+ if supported by both server and client.
OK, that's simple enough for users, and we talk about the libpq
parameter here.
The second paragraph is also a nice addition. You really looked at this
stuff!
> One question I do have is how do we prevent a fake server in the middle
> from pretending it is a PG 10 server and therefore avoiding channel
> binding protections? I don't see any channel binding options in
> pg_hba.conf, and while libpq has options, they are explained with "This
> parameter is mainly intended for protocol testing."
The answer is that you cannot do that now, as much as you cannot have a
client forbid connection attempt if the client requests SCRAM but the
server downgrades to MD5. I had a topic on the matter at an unconf
session at the last PGAsia, and except for administrators which forgot
to upgrade a set of servers that was not something worth complicating
the code for, at least that's the conclusion which came out of the
session. At the end, this is not actually something that you would
control from the server if you care about security, but something which
is controlled from the client. The limitations that we have know are
partially due to the way libpq handles the authentication protocol.
Hence if you want to prevent servers attempting to do downgrades, you
need options like sslmode saying those things from the client point of
view:
- I want SCRAM, but refuse connection request if server attempts MD5 or
something else.
- I want SCRAM and channel binding, but refuse connection request if
server does not advertise channel binding to the client.
There may be value to an server side parameter which forces clients to
use channel binding even if the server has advertized the channel
binding SASL mechanism, and even if connection is made with SSL, but
that's not a downgrade-attack prevention.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Tatsuo Ishii | 2018-05-15 00:19:04 | Re: Postgres 11 release notes |
Previous Message | Alvaro Herrera | 2018-05-14 22:32:52 | Re: Cache lookup errors with functions manipulation object addresses |
From | Date | Subject | |
---|---|---|---|
Next Message | Tatsuo Ishii | 2018-05-15 00:19:04 | Re: Postgres 11 release notes |
Previous Message | Bruce Momjian | 2018-05-14 20:41:54 | Re: Postgres 11 release notes |