For me... On 10/21/14, 1:30 PM, "Wouter Verhelst" <w@xxxxxxx> wrote: >Hi Markus, > >On Tue, Oct 21, 2014 at 10:17:17AM +0200, Markus Armbruster wrote: >> >> >> Misunderstanding. I didn't mean to claim "STARTTLS is bad". If I >> wanted to say that, I would've said it directly. I was merely asking >> how you plan to guard against downgrade attacks. I gather your advice >> is to make the client (QEMU) insist on TLS, and check the server's >> certificate. Correct? > >My advice is to give both client and server the ability to have TLS >switched on or off, and possibly (but not necessarily so, and certainly >not by default) also the _ability_ to negotiate TLS if the other side >supports it, while not aborting if it doesn't. As long as there is a way to request a secure connection, without possibility to failover to a non-secure connection, nor negotiate anything short of what was requested. In other words, do this or do not; there is no try. If I am reading the above paragraph accurately, that scenario could be configured, right? -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list