On Sun, Jun 17, 2018 at 10:21:27PM +0900, Michael Paquier wrote:
> On Fri, Jun 15, 2018 at 05:23:27PM -0400, Robert Haas wrote:
> > On Thu, Jun 14, 2018 at 7:43 AM, Magnus Hagander <mag...@hagander.net> wrote:
> >> I still think that the fact that we are still discussing what is basically
> >> the *basic concepts* of how this would be set up after we have released
> >> beta1 is a clear sign that this should not go into 11.
> > 
> > +1.
> 
> Yes, that sounds right.

Uh, as I am understanding it, if we don't allow clients to force channel
binding, then channel binding is useless because it cannot prevent
man-in-the-middle attacks.  I am sure some users will try to use it, and
not understand that it serves no purpose.  If we then allow clients to
force channel binding in PG 12, they will then need to fix their
clients.

I suggest that if we don't allow users to use channel binding
effectively that we should remove all documentation about this feature.

This is different from downgrade attacks like SCRAM to MD5 or MD5 to
'password' because the way the password is transmitted is not integral
to preventing man-in-the-middle attacks.  Channel binding's sole value
is to prevent such attacks, so if it cannot prevent them, it has no use
and will just confuse people until we make it useful in a later release.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +
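
The argument in the message above, as an added sketch that is not part of the original email and not PostgreSQL or libpq code: a client that merely prefers channel binding accepts whatever mechanism list an unauthenticated peer presents, while a client that requires it aborts. The `cb_policy` type, `choose_mechanism()` and the sample lists are hypothetical names for illustration; only the mechanism names `SCRAM-SHA-256` and `SCRAM-SHA-256-PLUS` are real, and the model looks at mechanism selection only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SCRAM      "SCRAM-SHA-256"
#define SCRAM_PLUS "SCRAM-SHA-256-PLUS"

/* Hypothetical client policy for this sketch, not a libpq setting. */
typedef enum { CB_PREFER, CB_REQUIRE } cb_policy;

/* Constructed sample lists: one advertising channel binding, and one
 * without the -PLUS entry, as an unauthenticated peer could present it. */
const char *const full_list[]    = { SCRAM_PLUS, SCRAM };
const char *const no_plus_list[] = { SCRAM };

static bool offered(const char *const *mechs, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(mechs[i], name) == 0)
            return true;
    return false;
}

/*
 * Pick a SASL mechanism from the list the peer advertised.
 * Returns NULL when the client must abort the connection.
 * The list arrives before the peer is authenticated, so only the
 * client's own policy can make the -PLUS mechanism mandatory.
 */
const char *choose_mechanism(const char *const *mechs, size_t n,
                             bool tls_in_use, cb_policy policy)
{
    bool can_bind = tls_in_use && offered(mechs, n, SCRAM_PLUS);

    if (can_bind)
        return SCRAM_PLUS;
    if (policy == CB_REQUIRE)
        return NULL;            /* refuse rather than continue unbound */
    return offered(mechs, n, SCRAM) ? SCRAM : NULL;
}

int main(void)
{
    const char *m = choose_mechanism(no_plus_list, 1, true, CB_PREFER);
    printf("prefer:  %s\n", m ? m : "(abort)");
    m = choose_mechanism(no_plus_list, 1, true, CB_REQUIRE);
    printf("require: %s\n", m ? m : "(abort)");
    return 0;
}
```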
