On Tue, 2021-11-23 at 18:27 +0000, Jacob Champion wrote:
> Now that the MITM CVEs are published [1], I wanted to share my wishlist
> of things that would have made those attacks difficult/impossible to
> pull off.
Now that we're post-commitfest, here's my summary of the responses so
far:
> = Client-Side Auth Selection =
There is interest in letting libpq reject certain auth methods coming
back from the server, perhaps using a simple connection option, and
there are some prior conversations on the list to look into.
> = Implicit TLS =
Reactions to implicit TLS were mixed, from "we should not do this" to
"it might be nice to have the option, from a technical standpoint".
Both a separate-port model and a shared-port model were tentatively
proposed. The general consensus seems to be that the StartTLS-style
flow is currently sufficient from a security standpoint.
I didn't see any responses that were outright in favor, so I think my
remaining question is: are there any committers who think a prototype
would be worth the time for a motivated implementer?
Thanks for the discussion!
--Jacob