On 4/11/17 09:03, Magnus Hagander wrote: > I would expect most enterprise customers who care about MITM protection > are already using either TLS or ipsec to cover that already. They have > benefit from the other parts of SCRAM, but they've already solved those > problems.
Yeah, I think if you're concerned about MITM then you would also be concerned about MITM siphoning off your data. So you should be using TLS and then you don't need channel binding. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
