Re: Post-CVE Wishlist

From: Jacob Champion <pchampion(at)vmware(dot)com>
To: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Post-CVE Wishlist
Date: 2021-12-07 18:49:54
Message-ID: f032fe6d90a65f7dca5d3764c60a0581bc72e836.camel@vmware.com
Lists: pgsql-hackers

On Tue, 2021-11-23 at 18:27 +0000, Jacob Champion wrote:
> Now that the MITM CVEs are published [1], I wanted to share my wishlist
> of things that would have made those attacks difficult/impossible to
> pull off.

Now that we're post-commitfest, here's my summary of the responses so
far:

> = Client-Side Auth Selection =

There is interest in letting libpq reject certain auth methods coming
back from the server, perhaps using a simple connection option, and
there are some prior conversations on the list to look into.

> = Implicit TLS =

Reactions to implicit TLS were mixed, from "we should not do this" to
"it might be nice to have the option, from a technical standpoint".
Both a separate-port model and a shared-port model were tentatively
proposed. The general consensus seems to be that the StartTLS-style
flow is currently sufficient from a security standpoint.

I didn't see any responses that were outright in favor, so I think my
remaining question is: are there any committers who think a prototype
would be worth the time for a motivated implementer?

Thanks for the discussion!

--Jacob
