Date: Thu, 4 Sep 2014 17:04:06 +0200
From: Benoît Canet
Message-ID: <20140904150406.GA8094@irqsave.net>
References: <20140903164417.GA32748@stefanha-thinkpad.redhat.com> <20140904141916.GA28417@irqsave.net> <20140904143459.GN772@redhat.com>
In-Reply-To: <20140904143459.GN772@redhat.com>
Subject: Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU
To: "Daniel P. Berrange"
Cc: Benoît Canet, Hani Benhabiles, libvir-list@redhat.com, qemu-devel@nongnu.org, Max Reitz, Stefan Hajnoczi, nick@bytemark.co.uk, w@uter.be, Paolo Bonzini

On Thursday 04 Sep 2014 at 15:34:59 (+0100), Daniel P. Berrange wrote:
> On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > On Wednesday 03 Sep 2014 at 17:44:17 (+0100), Stefan Hajnoczi wrote:
> > > Hi,
> > > QEMU offers both NBD client and server functionality.  The NBD protocol
> > > runs unencrypted, which is a problem when the client and server
> > > communicate over an untrusted network.
> > >
> > > The particular use case that prompted this mail is storage migration in
> > > OpenStack.  The goal is to encrypt the NBD connection between source and
> > > destination hosts during storage migration.
> >
> > I agree this would be useful.
> >
> > >
> > > I think we can integrate TLS into the NBD protocol as an optional flag.
> > > A quick web search does not reveal existing open source SSL/TLS NBD
> > > implementations.  I do see a VMware NBDSSL protocol but there is no
> > > specification so I guess it is proprietary.
> > >
> > > The NBD protocol starts with a negotiation phase.  This would be the
> > > appropriate place to indicate that TLS will be used.  After client and
> > > server complete TLS setup the connection can continue as normal.
> >
> > Prenegotiating TLS looks like we will accidentally introduce some security hole.
> > Why not just use a dedicated port and let the TLS handshake happen normally?
>
> The mgmt app (libvirt in this case) chooses an arbitrary port when
> telling QEMU to set up NBD, so we don't need to specify any alternate
> port. I'd expect that libvirt just tells QEMU to enable NBD at both
> ends, and we immediately do the TLS handshake upon opening the
> connection. Only once TLS is established, should the NBD protocol
> start running. IOW we don't need to modify the NBD protocol at all.
>
> If the mgmt app tells QEMU to enable TLS at one end and not the
> other, the mgmt app gets what it deserves (a failed TLS handshake).
> We certainly would not want QEMU to auto-negotiate and fall back
> to plain text in this case.

I agree.

Best regards

Benoît

>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
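
Added example (not part of the original message, and not QEMU or libvirt code): the TLS-first, no-fallback behaviour described in the reply above, sketched with Python's ssl module. The names open_channel and TlsRequiredError and the host name are hypothetical, and the greeting bytes are a constructed sample of what a plaintext new-style NBD server sends first.

```python
import ssl

# Constructed sample: first 16 bytes sent by a plaintext new-style NBD server.
PLAINTEXT_NBD_GREETING = b"NBDMAGIC" + b"IHAVEOPT"


class TlsRequiredError(Exception):
    """The peer did not complete a TLS handshake; the connection is dropped."""


def open_channel(peer_bytes, require_tls, hostname="nbd.example.invalid"):
    """Decide how to treat the first bytes received from the peer.

    require_tls mirrors what the management application configured on this
    end. Returns (mode, client_hello_bytes) or raises; with require_tls=True
    there is no branch that continues in plaintext.
    """
    if not require_tls:
        if not peer_bytes.startswith(b"NBDMAGIC"):
            raise ValueError("peer is not speaking plaintext NBD")
        return "plaintext", b""

    ctx = ssl.create_default_context()  # certificate and host name checks on
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()              # writes the ClientHello to `outgoing`
    except ssl.SSLWantReadError:
        pass                            # normal: now waiting for the server
    client_hello = outgoing.read()

    incoming.write(peer_bytes)          # the peer's reply to the ClientHello
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # Not enough data for a verdict; a real client would keep reading.
        return "tls-handshake-pending", client_hello
    except ssl.SSLError as exc:
        # Fail closed: never reinterpret these bytes as an NBD greeting.
        raise TlsRequiredError(f"TLS handshake failed: {exc.reason}") from exc
    return "tls", client_hello
```

With TLS enabled on this end only, the plaintext greeting is rejected by the TLS record parser before any NBD parsing happens, which is the "failed TLS handshake" outcome for a mismatched configuration.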