From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53646)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1c9r4V-0005Vx-Je
	for qemu-devel@nongnu.org; Thu, 24 Nov 2016 05:16:04 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1c9r4S-0002xn-7S
	for qemu-devel@nongnu.org; Thu, 24 Nov 2016 05:16:03 -0500
Received: from mx1.redhat.com ([209.132.183.28]:59402)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <berrange@redhat.com>) id 1c9r4S-0002w0-1A
	for qemu-devel@nongnu.org; Thu, 24 Nov 2016 05:16:00 -0500
Date: Thu, 24 Nov 2016 10:15:51 +0000
From: "Daniel P. Berrange" <berrange@redhat.com>
Message-ID: <20161124101551.GB11499@redhat.com>
Reply-To: "Daniel P. Berrange" <berrange@redhat.com>
References: <CAAo6VWPbVYia_JsbtUhqwAufr1_1xOWsFmSxP1NfRijAOv54bg@mail.gmail.com>
	<CAJSP0QW-44yjuvXAc3dpUKaHb8ULSaid6DLhQH23Y3AVpvuNSQ@mail.gmail.com>
	<20161118072621.GA2607@localhost.localdomain>
	<20161118100210.GA28853@stefanha-x1.localdomain>
	<4F9BDA10-1D17-4420-A332-9834E84BF0BC@veritas.com>
	<20161118115450.GB5371@redhat.com>
	<A76A38BA-3682-406C-BB5D-8BDB49732FAA@veritas.com>
	<20161118133611.GC5371@redhat.com>
	<F5931CFE-B5C7-4BD1-BF0B-648030473955@veritas.com>
	<CAAo6VWO3vfSJoCRtHwFN7=Z3iAyH4VwfA5+DpqVdNcbNQGoVgg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CAAo6VWO3vfSJoCRtHwFN7=Z3iAyH4VwfA5+DpqVdNcbNQGoVgg@mail.gmail.com>
Subject: Re: [Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add
 Veritas HyperScale VxHS block device support
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: ashish mittal <ashmit602@gmail.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, Jeff Cody <jcody@redhat.com>, qemu-devel <qemu-devel@nongnu.org>, Paolo Bonzini <pbonzini@redhat.com>, Kevin Wolf <kwolf@redhat.com>, Markus Armbruster <armbru@redhat.com>, Fam Zheng <famz@redhat.com>, Ketan Nilangekar <Ketan.Nilangekar@veritas.com>, Ashish Mittal <Ashish.Mittal@veritas.com>, Abhijit Dey <Abhijit.Dey@veritas.com>, Buddhi Madhav <Buddhi.Madhav@veritas.com>, "Venkatesha M.G." <Venkatesha.Mg@veritas.com>, Nitin Jerath <Nitin.Jerath@veritas.com>

On Wed, Nov 23, 2016 at 02:09:50PM -0800, ashish mittal wrote:
> On the topic of protocol security -
> 
> Would it be enough for the first patch to implement only
> authentication and not encryption?

Yes, authentication is the only critical thing from my POV. While encryption
is a nice to have, there are plenty of storage systems which do *not* do
encryption. Guest data can still be protected simply by running LUKS on the
guest disks, so lack of encryption is not a serious security risk, provided
the authentication scheme itself does not require encryption in order to
be secure.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|