From: Anthony Liguori <anthony@codemonkey.ws>
To: Avi Kivity <avi@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
dlaor@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Re: Spice project is now open
Date: Mon, 14 Dec 2009 09:46:47 -0600 [thread overview]
Message-ID: <4B265DE7.1060309@codemonkey.ws> (raw)
In-Reply-To: <4B265814.7060801@redhat.com>
Avi Kivity wrote:
> On 12/14/2009 05:17 PM, Daniel P. Berrange wrote:
>>
>>> Yes - need to pass the encryption state. Hopefully the crypto stacks
>>> support this.
>>>
>> There's no mechanism for this in the SASL libraries. With GNUTLS
>> there is
>> the ability to preserve negotiated session state from one TLS
>> conenection
>> and used it upon opening the next connection to fast-track the handshake
>> phase. This doesn't allow you to pass the state for an existing
>> connection
>> to a new process though and have it carry on
>>
>
> This sucks. But we can ask the client to reauthenticate.
Or instead of passing the socket file descriptor, pass over a socketpair
and encrypt the traffic in the server. The encryption requires no
knowledge of the protocol so it can be done easily enough in the server.
You're already paying the cost for copying the data. Adding in one copy
shouldn't be the end of the world.
Regards,
Anthony Liguori
next prev parent reply other threads:[~2009-12-14 15:46 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1072764996.1548651260538641101.JavaMail.root@zmail05.collab.prod.int.phx2.redhat.com>
2009-12-11 13:45 ` [Qemu-devel] Spice project is now open Yaniv Kamay
2009-12-11 14:03 ` Jun Koi
2009-12-11 14:17 ` Yaniv Kamay
2009-12-11 14:09 ` Alexander Graf
2009-12-11 14:28 ` Jun Koi
2009-12-11 16:34 ` Anthony Liguori
2009-12-11 16:52 ` Chris Wright
2009-12-11 17:01 ` Anthony Liguori
2009-12-11 17:31 ` Chris Wright
2009-12-11 17:02 ` Yaniv Kamay
2009-12-11 17:16 ` Anthony Liguori
2009-12-11 17:21 ` Alexander Graf
2009-12-11 17:28 ` Anthony Liguori
2009-12-11 17:18 ` Alexander Graf
2009-12-11 18:49 ` Glauber Costa
2009-12-11 15:57 ` Anthony Liguori
2009-12-11 16:47 ` Yaniv Kamay
2009-12-11 16:57 ` Chris Wright
2009-12-11 17:00 ` Anthony Liguori
2009-12-11 17:38 ` Johannes Schindelin
2009-12-11 18:48 ` Izik Eidus
2009-12-11 18:57 ` Ben Taylor
2009-12-11 19:06 ` Izik Eidus
2009-12-11 19:09 ` Glauber Costa
2009-12-11 19:00 ` Izik Eidus
2009-12-11 19:06 ` Anthony Liguori
2009-12-11 19:22 ` Izik Eidus
2009-12-11 19:37 ` Glauber Costa
2009-12-11 19:07 ` Glauber Costa
2009-12-11 19:24 ` Izik Eidus
2010-01-23 23:39 ` Izik Eidus
2009-12-11 19:03 ` malc
2009-12-11 19:10 ` Izik Eidus
2009-12-11 19:24 ` malc
2009-12-11 19:33 ` Izik Eidus
2009-12-11 19:53 ` malc
2009-12-11 20:26 ` Izik Eidus
2009-12-13 11:11 ` Izik Eidus
2009-12-11 19:04 ` Anthony Liguori
2009-12-11 19:15 ` Glauber Costa
2009-12-11 19:25 ` Izik Eidus
2009-12-11 19:42 ` Chris Wright
2009-12-11 19:21 ` Izik Eidus
2009-12-11 19:30 ` Anthony Liguori
2009-12-11 19:39 ` Izik Eidus
2009-12-11 19:51 ` Anthony Liguori
2009-12-11 20:21 ` Izik Eidus
2009-12-11 20:46 ` Anthony Liguori
2009-12-11 21:13 ` Izik Eidus
2009-12-11 21:54 ` Anthony Liguori
2009-12-11 22:34 ` Izik Eidus
2009-12-12 0:54 ` [Qemu-devel] " Paolo Bonzini
2009-12-12 3:34 ` Anthony Liguori
2009-12-12 9:14 ` Paolo Bonzini
2009-12-12 15:11 ` Anthony Liguori
2009-12-12 16:09 ` Avi Kivity
2009-12-12 17:28 ` Anthony Liguori
2009-12-13 10:18 ` Avi Kivity
2009-12-11 22:08 ` [Qemu-devel] " Alexander Graf
2009-12-11 22:33 ` Dor Laor
2009-12-11 22:46 ` Izik Eidus
2009-12-11 23:54 ` Alexander Graf
2009-12-12 0:14 ` Izik Eidus
2009-12-12 0:27 ` Alexander Graf
2009-12-12 0:53 ` Izik Eidus
2009-12-12 1:08 ` Alexander Graf
2009-12-12 1:33 ` Izik Eidus
2009-12-11 23:58 ` [Qemu-devel] X support for QXL and SPICE Soeren Sandmann
2009-12-12 0:05 ` [Qemu-devel] " Alexander Graf
2009-12-12 0:31 ` Izik Eidus
2009-12-12 0:37 ` Alexander Graf
2009-12-12 0:08 ` Izik Eidus
2009-12-12 3:31 ` [Qemu-devel] " Anthony Liguori
2009-12-12 3:52 ` Izik Eidus
2009-12-12 15:13 ` Anthony Liguori
2009-12-12 15:29 ` Izik Eidus
2009-12-12 15:43 ` Alexander Graf
2009-12-12 16:01 ` Izik Eidus
2009-12-12 6:22 ` Dave Airlie
2009-12-12 16:39 ` Soeren Sandmann
2009-12-14 14:07 ` Gerd Hoffmann
2009-12-14 13:56 ` [Qemu-devel] Spice project is now open Gerd Hoffmann
2009-12-14 14:33 ` Anthony Liguori
2009-12-11 20:32 ` Izik Eidus
2009-12-11 20:48 ` Anthony Liguori
2009-12-11 21:31 ` Izik Eidus
2009-12-11 21:58 ` Anthony Liguori
2009-12-11 22:55 ` Chris Wright
2009-12-12 3:27 ` Anthony Liguori
2009-12-12 1:03 ` [Qemu-devel] " Paolo Bonzini
2009-12-12 3:44 ` Anthony Liguori
2009-12-12 14:44 ` Andrea Arcangeli
2009-12-12 15:03 ` Anthony Liguori
2009-12-12 16:06 ` Andrea Arcangeli
2009-12-12 17:40 ` Anthony Liguori
2009-12-12 17:48 ` Izik Eidus
2009-12-12 19:26 ` Anthony Liguori
2009-12-12 19:48 ` Izik Eidus
2009-12-12 22:41 ` Dor Laor
2009-12-12 22:35 ` Dor Laor
2009-12-12 23:46 ` Anthony Liguori
2009-12-13 0:23 ` Daniel P. Berrange
2009-12-13 10:46 ` Avi Kivity
2009-12-14 14:42 ` Anthony Liguori
2009-12-14 14:53 ` Avi Kivity
2009-12-14 15:17 ` Daniel P. Berrange
2009-12-14 15:21 ` Avi Kivity
2009-12-14 15:46 ` Anthony Liguori [this message]
2009-12-14 15:10 ` Daniel P. Berrange
2009-12-14 15:50 ` Anthony Liguori
2009-12-14 16:00 ` Avi Kivity
2009-12-14 16:15 ` Anthony Liguori
2009-12-14 17:52 ` Mark McLoughlin
2009-12-13 14:56 ` Gildas Le Nadan
2009-12-14 14:40 ` Gerd Hoffmann
2009-12-14 14:50 ` Anthony Liguori
2009-12-12 23:43 ` Andrea Arcangeli
2009-12-12 23:52 ` Anthony Liguori
2009-12-13 0:04 ` Andrea Arcangeli
2009-12-13 0:18 ` Anthony Liguori
2009-12-13 9:10 ` Izik Eidus
2009-12-15 13:25 ` Soeren Sandmann
2009-12-11 19:25 ` [Qemu-devel] " Mark McLoughlin
2009-12-11 19:38 ` Anthony Liguori
2009-12-11 19:45 ` Mark McLoughlin
2009-12-11 19:53 ` Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B265DE7.1060309@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=aarcange@redhat.com \
--cc=avi@redhat.com \
--cc=dlaor@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).