diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
new file mode 100644
index 800e68a..498b8df
*** a/doc/src/sgml/libpq.sgml
--- b/doc/src/sgml/libpq.sgml
*************** postgresql://%2Fvar%2Flib%2Fpostgresql/d
*** 1242,1255 ****
        <term><literal>scram_channel_binding</literal></term>
        <listitem>
         <para>
!         Specifies the channel binding type to use with SCRAM authentication.
!         The list of channel binding types supported by server are listed in
!         <xref linkend="sasl-authentication"/>.  An empty value specifies that
!         the client will not use channel binding.  The default value is
!         <literal>tls-unique</literal>.
         </para>
  
         <para>
          Channel binding is only supported on SSL connections.  If the
          connection is not using SSL, then this setting is ignored.
         </para>
--- 1242,1259 ----
        <term><literal>scram_channel_binding</literal></term>
        <listitem>
         <para>
!         Specifies the channel binding type to use with SCRAM
!         authentication.  While <acronym>SCRAM</acronym> alone prevents
!         the replay of transmitted hashed passwords, channel binding also
!         prevents man-in-the-middle attacks.
         </para>
  
         <para>
+         The list of channel binding types supported by the server are
+         listed in <xref linkend="sasl-authentication"/>.  An empty value
+         specifies that the client will not use channel binding.  If this
+         parameter is not specified, <literal>tls-unique</literal> is used,
+         if supported by both server and client.
          Channel binding is only supported on SSL connections.  If the
          connection is not using SSL, then this setting is ignored.
         </para>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
new file mode 100644
index 004b360..cfc805f
*** a/doc/src/sgml/protocol.sgml
--- b/doc/src/sgml/protocol.sgml
*************** should use <literal>tls-unique</literal>
*** 1584,1589 ****
--- 1584,1616 ----
  that cannot support <literal>tls-unique</literal> for some reason.
    </para>
  
+   <para>
+    In <acronym>SCRAM</acronym> without channel binding, the server chooses
+    a random number that is transmitted to the client to be mixed with the
+    user-supplied password in the transmitted password hash.  While this
+    prevents the password hash from being successfully retransmitted in
+    a later session, it does not prevent a fake server between the real
+    server and client from passing through the server's random value 
+    and successfully authenticating.
+   </para>
+ 
+   <para>
+    <acronym>SCRAM</acronym> with channel binding prevents such
+    man-in-the-middle attacks by mixing a value into the transmitted
+    password hash that cannot be retransmitted by a fake server.
+    In <acronym>SCRAM</acronym> with <literal>tls-unique</literal>
+    channel binding, the shared secret negotiated during the SSL session
+    is mixed into the user-supplied password hash.  The shared secret
+    is partly chosen by the server, but not directly transmitted, making
+    it impossible for a fake server to create an SSL connection with the
+    client that has the same shared secret it has with the real server.
+    <acronym>SCRAM</acronym> with <literal>tls-server-end-point</literal>
+    mixes a hash of the server's certificate into the user-supplied password
+    hash.  While a fake server can retransmit the real server's certificate,
+    it doesn't have access to the private key matching that certificate, and
+    therefore cannot prove it is the owner, causing SSL connection failure.
+   </para>
+ 
  <procedure>
  <title>Example</title>
    <step id="scram-begin">
