Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s6WWt-0006gI-RW for pgsql-hackers@arkaria.postgresql.org; Mon, 13 May 2024 14:19:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1s6WWt-000gQV-PG for pgsql-hackers@arkaria.postgresql.org; Mon, 13 May 2024 14:19:51 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1s6WWt-000gQN-FI for pgsql-hackers@lists.postgresql.org; Mon, 13 May 2024 14:19:51 +0000 Received: from mail-yb1-f176.google.com ([209.85.219.176]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1s6WWq-0001H2-AC for pgsql-hackers@lists.postgresql.org; Mon, 13 May 2024 14:19:50 +0000 Received: by mail-yb1-f176.google.com with SMTP id 3f1490d57ef6-de8b66d1726so4434044276.0 for ; Mon, 13 May 2024 07:19:49 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715609988; x=1716214788; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zhvzM90rQcSif/h7zSN/aHtHunyAwvKVBepTiYL5MQ4=; b=PLimNczLxqK0+vVrzQhcvhM/utF2UStgPRCvw2Y6cupcAJTDvRSxShK2cgE0/EZaJS Pjs8cbV0big6mABUlLTGEen5rqQ73noqLzY+YEZfHo+tSL56DjQJAlrJX5+twne0DfyA WgZKm76yvtbxh3VXntaMZY0MDaI3n+CQ2y7WAQyvU9Z2XJJpneC8LaolovLWRKG2UuzN ap+/cddqijh+bTyfEBxujmdO8gTmshBW92SpksmyxB5nxqvZeEacM9bJXfzvmsy5LZcd vYiIPqmrRh8069MAvBGW4PzA6vIosa5l70kFBIoBTnC6Tq3Su2DISet1Rr0X4ssYRxvl zWmw== X-Forwarded-Encrypted: i=1; AJvYcCVvC8zw0JmJMyPjttLEY33g2wWV+xbiMGhUDDN4NzjspwjQW0bgQ5A+1/kC6OCQykN3Wh6vgcoDzyrfUuquK/1xRgMLSgbsgup47urbFWEDO0OG X-Gm-Message-State: AOJu0YxHcHZgWM9eDSC/oj2MNsmjG/Z0ZtGbgPxmBcxwjKUtTQ2LQ//C MZl1cQ9gwq+cCgi+x2+KmnZm/RitgdCSRQuYNJm31X1vsXIJLRusPPU3cKOz4rdm0SZOyxvjjwj p7ja07d0YaW13XbQ+0QUkWnXlprmxL/Pf6pIX7Q== X-Google-Smtp-Source: AGHT+IHftYwWaYosObSPFMGH8xWe9FP4i3A7crtB3XqP0stC5Jq5xfDFPKfThTpo1IGXElpbVcx8L4t4JN4wjOSYirk= X-Received: by 2002:a25:8404:0:b0:de5:8427:d66f with SMTP id 3f1490d57ef6-dee4e47b423mr7175742276.4.1715609987732; Mon, 13 May 2024 07:19:47 -0700 (PDT) MIME-Version: 1.0 References: <3a6f126c-e1aa-4dcc-9252-9868308f6cf0@iki.fi> <1a717f65-7390-4111-8efd-c6e9b213805e@iki.fi> In-Reply-To: From: Jelte Fennema-Nio Date: Mon, 13 May 2024 16:19:36 +0200 Message-ID: Subject: Re: Direct SSL connection with ALPN and HBA rules To: Heikki Linnakangas Cc: Jacob Champion , Daniel Gustafsson , Robert Haas , Michael Paquier , Postgres hackers Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, 13 May 2024 at 13:07, Heikki Linnakangas wrote: > "channel_binding=require sslmode=require" also protects from MITM attacks. Cool, I didn't realize we had this connection option and it could be used like this. But I think there's a few security downsides of channel_binding=require over sslmode=verify-full: If the client relies on channel_binding to validate server authenticity, a leaked server-side SCRAM hash is enough for an attacker to impersonate a server. While normally a leaked scram hash isn't really much of a security concern (assuming long enough passwords). I also don't know of many people rotating their scram hashes, even though many rotate TLS certs. > I think these options should be designed from the user's point of view, > so that the user can specify the risks they're willing to accept, and > the details of how that's accomplished are handled by libpq. For > example, I'm OK with (tick all that apply): > > [ ] passive eavesdroppers seeing all the traffic > [ ] MITM being able to hijack the session > [ ] connecting without verifying the server's identity > [ ] divulging the plaintext password to the server > [ ] ... I think that sounds like a great idea, looking forward to the proposal.