| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Some thoughts about SCRAM implementation |
| Date: | 2017-04-12 09:25:43 |
| Message-ID: | CABUevEzXZCoN8Nv6rh9eQjjzQq1SO7x=gYEshFyFRRrJhTPWqQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 12, 2017 at 11:13 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
wrote:
> On 04/12/2017 11:22 AM, Magnus Hagander wrote:
>
>> On Wed, Apr 12, 2017 at 3:25 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>
>> And which enterprises are using SSL without certificates? And I thought
>>> channel binding required certificates anyway, e.g.:
>>>
>>> https://en.wikipedia.org/wiki/Salted_Challenge_Response_
>>> Authentication_Mechanism#Channel_binding
>>>
>>> For instance, for the tls-server-end-point channel binding, it is
>>> the
>>> server's TLS certificate.
>>>
>>
>> AFAIK it does require the TLS certifificates, but it does not require TLS
>> certificate *validation*. You can use channel binding with just
>> self-signed
>> certs.
>>
>
> tls-server-end-point channel binding type relies on certificates. But
> SCRAM uses "tls-unique" by default, and it does not use certificates. It's
> a bit weird that the wikipedia article uses tls-server-end-point as the
> example, I don't know why anyone would use tls-server-end-point with SCRAM.
Interesting. But we don't support TLS without certificates, do we? We
support it without client certificates, but we need a server certificate.
So the TLS connection itself still relies on the certificates, justn ot the
channel binding.
> That said, I stand by my comment that I don't think it's the enterprises
>> that need or want the channel binding. If they care about it, they have
>> already put certificate validation in place, and it won't buy them
>> anything.
>>
>> Because channel binding also only secures the authentication (SCRAM), not
>> the actual contents and commands that are then sent across the channel,
>> AFAIK?
>>
>
> TLS protects the contents and the commands. The point of channel binding
> is to defeat a MITM attack, where the client connects to a malicious
> server, using TLS, which then connects to the real server, using another
> TLS connection. Channel binding will detect that the client and the real
> server are not communicating over the same TLS connection, but two
> different TLS connections, and make the authentication fail.
>
> SSL certificates, with validation, achieves the same, but channel binding
> achieves it without the hassle of certificates.
Right. It also achieves some more things, but definitely with more hassle.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2017-04-12 09:29:46 | Re: index-only count(*) for indexes supporting bitmap scans |
| Previous Message | Heikki Linnakangas | 2017-04-12 09:13:03 | Re: Some thoughts about SCRAM implementation |