Dear Heikki, Thanks for your answer.
Several people would like to deprecate "tls-server-end-point" (RFC 5929) like Simon Josefsson (author of several RFCs) because RFC 9266 exists since July 2022: - https://mailarchive.ietf.org/arch/msg/kitten/zpesKSHsiuy1RvhPlbSUGajLbKQ/ - https://datatracker.ietf.org/person/Simon%20Josefsson For example, he is the GNU SASL maintainer and he does not want to add tls-server-end-point support: - https://gitlab.com/gsasl/gsasl/-/issues/13 Other talks about tls-server-end-point: - https://mailarchive.ietf.org/arch/browse/kitten/?q=tls-server-end-point&gbt=1&index= - https://mail.jabber.org/hyperkitty/search?count=200&q=tls-server-end-point&page=1&mlist=standards%40xmpp.org&sort=date-asc - https://mailarchive.ietf.org/arch/browse/tls/?q=tls-server-end-point&gbt=1&index= So it is really important to support "tls-exporter". Regards, Neustradamus ________________________________________ From: Heikki Linnakangas <[email protected]> Sent: Thursday, November 20, 2025 22:52 To: * Neustradamus *; PostgreSQL Hackers Subject: Re: RFC 9266: Channel Bindings for TLS 1.3 support On 20/11/2025 22:58, * Neustradamus * wrote: > Dear PostgreSQL team, dear all, > > In 2022, I have contacted PostgreSQL team about Channel Binding: > - https://www.postgresql.org/search/?m=1&q=tls-exporter&l=&d=-1&s=i > > We are in 2025, I relaunch the subject because several developers always say > me: "it is not supported by PostgreSQL". > > Can you add the support of RFC 9266: Channel Bindings for TLS 1.3? > - https://datatracker.ietf.org/doc/html/rfc9266 I think that would be great. Patches are welcome! The tricky part is probably going to be to make the protocol changes in a way that is both backwards-compatible and as secure as possible. But I'm sure it can be done. > Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929 > > - XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html > - XEP-0440: SASL Channel-Binding Type Capability: > https://xmpp.org/extensions/xep-0440.html > - XEP-0474: SASL SCRAM Downgrade Protection: > https://xmpp.org/extensions/xep-0474.html > - XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html > > Little details, to know easily: > - tls-unique for TLS =< 1.2 (RFC5929) > - tls-server-end-point =< 1.2 + 1.3 (RFC5929) > - tls-exporter for TLS = 1.3 (RFC9266) > > After the jabber.ru MITM, it is time to add it: > - https://notes.valdikss.org.ru/jabber.ru-mitm/ > - https://snikket.org/blog/on-the-jabber-ru-mitm/ > - https://www.devever.net/~hl/xmpp-incident > - https://blog.jmp.chat/b/certwatch/certwatch PostgreSQL does support channel binding, with tls-server-end-point. I believe that sufficient to prevent an attack like that. (Assuming that it's configured correctly, but that's an issue of insecure defaults rather than a missing feature). What are the benefits of tls-exporter over tls-server-end-point? I agree it would be good to support tls-exporter, since RFC9266 specifies it as mandatory for channel binding over TLS 1.3. But aside from the RFC, is there some practical difference? - Heikki
