The Friday 05 Sep 2014 à 00:07:04 (+0200), Wouter Verhelst wrote : > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote: > > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote : > > > Hi, > > > QEMU offers both NBD client and server functionality. The NBD protocol > > > runs unencrypted, which is a problem when the client and server > > > communicate over an untrusted network. > > > > > > The particular use case that prompted this mail is storage migration in > > > OpenStack. The goal is to encrypt the NBD connection between source and > > > destination hosts during storage migration. > > > > I agree this would be usefull. > > > > > > > > I think we can integrate TLS into the NBD protocol as an optional flag. > > > A quick web search does not reveal existing open source SSL/TLS NBD > > > implementations. I do see a VMware NBDSSL protocol but there is no > > > specification so I guess it is proprietary. > > > > > > The NBD protocol starts with a negotiation phase. This would be the > > > appropriate place to indicate that TLS will be used. After client and > > > server complete TLS setup the connection can continue as normal. > > > > Prenegociating TLS look like we will accidentaly introduce some security hole. I was thinking of the fallback to cleartext case. As a regular developper I am afraid of doing something creative with cryptography. > > Can you elaborate on that? How would it be a security hole? > > > Why not just using a dedicated port and let the TLS handshake happen normaly ? > > Because STARTTLS(-like) protocols are much cleaner; no need to open two > firewall ports. Also, when I made the request for a port number at IANA, > I was told I wouldn't get another port for a "secure" variant -- which > makes sense. As such, if the reference implementation is ever going to > support TLS, it has to be in a way where it is negotiated at setup time. > > SMTP can do this safely. So can LDAP. I'm sure we can come up with a > safe way of negotiating TLS. > > If you want to disallow nonencrypted communication, I'm sure it can be > made possible to require TLS for (some of) your exports. > > (my objections on userspace/kernelspace issues still stand, however) > > -- > It is easy to love a country that is famous for chocolate and beer > > -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26 > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list