On Tue, 26 Apr 2022 13:48:20 +0000 Chuck Lever III wrote:
> > Create the socket in user space, do all the handshakes you need there
> > and then pass it to the kernel. This is how NBD + TLS works. Scales
> > better and requires much less kernel code.
>
> The RPC-with-TLS standard allows unencrypted RPC traffic on the connection
> before sending ClientHello. I think we'd like to stick with creating the
> socket in the kernel, for this reason and for the reasons Hannes mentions
> in his reply.

Umpf, I presume that's reviewed by security people in IETF so I guess
it's done right this time (tm).

Your wording seems careful not to imply that you actually need that,
tho. Am I over-interpreting?