From: "Benoît Canet" <benoit.canet@irqsave.net>
To: Wouter Verhelst <w@uter.be>
Cc: "Benoît Canet" <benoit.canet@irqsave.net>,
"Hani Benhabiles" <kroosec@gmail.com>,
libvir-list@redhat.com, nick@bytemark.co.uk,
qemu-devel@nongnu.org, "Max Reitz" <mreitz@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
nbd-generic@lists.sf.net, "Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] NBD TLS support in QEMU
Date: Fri, 5 Sep 2014 00:54:45 +0200 [thread overview]
Message-ID: <20140904225445.GA25202@irqsave.net> (raw)
In-Reply-To: <20140904220704.GB25871@grep.be>
The Friday 05 Sep 2014 à 00:07:04 (+0200), Wouter Verhelst wrote :
> On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > > Hi,
> > > QEMU offers both NBD client and server functionality. The NBD protocol
> > > runs unencrypted, which is a problem when the client and server
> > > communicate over an untrusted network.
> > >
> > > The particular use case that prompted this mail is storage migration in
> > > OpenStack. The goal is to encrypt the NBD connection between source and
> > > destination hosts during storage migration.
> >
> > I agree this would be usefull.
> >
> > >
> > > I think we can integrate TLS into the NBD protocol as an optional flag.
> > > A quick web search does not reveal existing open source SSL/TLS NBD
> > > implementations. I do see a VMware NBDSSL protocol but there is no
> > > specification so I guess it is proprietary.
> > >
> > > The NBD protocol starts with a negotiation phase. This would be the
> > > appropriate place to indicate that TLS will be used. After client and
> > > server complete TLS setup the connection can continue as normal.
> >
> > Prenegociating TLS look like we will accidentaly introduce some security hole.
I was thinking of the fallback to cleartext case.
As a regular developper I am afraid of doing something creative with
cryptography.
>
> Can you elaborate on that? How would it be a security hole?
>
> > Why not just using a dedicated port and let the TLS handshake happen normaly ?
>
> Because STARTTLS(-like) protocols are much cleaner; no need to open two
> firewall ports. Also, when I made the request for a port number at IANA,
> I was told I wouldn't get another port for a "secure" variant -- which
> makes sense. As such, if the reference implementation is ever going to
> support TLS, it has to be in a way where it is negotiated at setup time.
>
> SMTP can do this safely. So can LDAP. I'm sure we can come up with a
> safe way of negotiating TLS.
>
> If you want to disallow nonencrypted communication, I'm sure it can be
> made possible to require TLS for (some of) your exports.
>
> (my objections on userspace/kernelspace issues still stand, however)
>
> --
> It is easy to love a country that is famous for chocolate and beer
>
> -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
>
next prev parent reply other threads:[~2014-09-04 22:55 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-03 16:44 [Qemu-devel] NBD TLS support in QEMU Stefan Hajnoczi
2014-09-04 14:19 ` Benoît Canet
2014-09-04 14:34 ` [Qemu-devel] [libvirt] " Daniel P. Berrange
2014-09-04 15:04 ` Benoît Canet
2014-09-04 15:45 ` Stefan Hajnoczi
2014-09-04 15:54 ` John Snow
2014-09-04 22:07 ` [Qemu-devel] " Wouter Verhelst
2014-09-04 22:54 ` Benoît Canet [this message]
2014-09-05 8:42 ` Wouter Verhelst
2014-09-05 12:15 ` Stefan Hajnoczi
2014-09-04 22:02 ` Wouter Verhelst
2014-09-05 8:13 ` Daniel P. Berrange
2014-09-05 8:34 ` Wouter Verhelst
2014-09-05 12:21 ` Stefan Hajnoczi
2014-09-05 6:23 ` [Qemu-devel] [libvirt] " Michal Privoznik
2014-09-05 8:10 ` Daniel P. Berrange
2014-09-05 8:46 ` [Qemu-devel] " Hani Benhabiles
2014-09-05 12:31 ` Stefan Hajnoczi
2014-09-05 13:26 ` Wouter Verhelst
2014-10-01 20:23 ` Wouter Verhelst
2014-10-02 11:00 ` Paolo Bonzini
2014-10-02 13:50 ` Wouter Verhelst
2014-10-08 18:16 ` Wouter Verhelst
2014-10-09 12:42 ` Paolo Bonzini
2014-10-02 11:05 ` Daniel P. Berrange
2014-10-02 11:28 ` Paolo Bonzini
2014-10-17 22:03 ` [Qemu-devel] spec, RFC: TLS support for NBD Wouter Verhelst
2014-10-18 6:33 ` Richard W.M. Jones
2014-10-20 7:58 ` Daniel P. Berrange
2014-10-20 9:56 ` Stefan Hajnoczi
2014-10-20 11:51 ` Markus Armbruster
2014-10-20 11:56 ` Florian Weimer
2014-10-20 12:48 ` Richard W.M. Jones
2014-10-20 22:10 ` Wouter Verhelst
2014-10-21 9:35 ` Daniel P. Berrange
2014-10-21 18:02 ` Wouter Verhelst
2014-10-20 12:08 ` Daniel P. Berrange
2014-10-20 21:53 ` [Qemu-devel] spec, RFC: TLS support for NBDµ Wouter Verhelst
2014-10-21 8:17 ` Markus Armbruster
2014-10-21 18:30 ` Wouter Verhelst
2014-10-25 10:43 ` [Qemu-devel] [Nbd] " Wouter Verhelst
2014-10-30 10:40 ` Stefan Hajnoczi
2014-10-31 18:15 ` Wouter Verhelst
2014-11-03 14:30 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140904225445.GA25202@irqsave.net \
--to=benoit.canet@irqsave.net \
--cc=kroosec@gmail.com \
--cc=libvir-list@redhat.com \
--cc=mreitz@redhat.com \
--cc=nbd-generic@lists.sf.net \
--cc=nick@bytemark.co.uk \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=w@uter.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).