| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Postgres hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: SCRAM with channel binding downgrade attack |
| Date: | 2018-06-27 17:24:15 |
| Message-ID: | 20180627172415.y2pby7gau77274cm@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-www |
Going over this thread a little bit I'm confused about what is being
proposed. I think I understand that we no longer think we have have
SCRAM channel binding. I hope that doesn't mean we don't have SCRAM
itself. However, in terms of the Postgres release proper, what do we
need to do? There is still an open item about this, and I had the
impression that if we simply demoted channel binding from a pg11 major
feature to barely a footnote that somebody can implement it with some
hypothetical future JDBC driver that supports the option, then we're
done.
Am I mistaken?
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2018-06-27 18:21:51 | Re: Speedup of relation deletes during recovery |
| Previous Message | Pavel Stehule | 2018-06-27 17:17:05 | Re: [HACKERS] proposal: schema variables |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2018-06-28 07:33:09 | Re: SCRAM with channel binding downgrade attack |
| Previous Message | Peter Eisentraut | 2018-06-27 16:55:28 | Re: SCRAM with channel binding downgrade attack |