From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36382)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1ZoD3X-0001Uq-H1
	for qemu-devel@nongnu.org; Mon, 19 Oct 2015 12:13:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1ZoD3W-0004SM-I5
	for qemu-devel@nongnu.org; Mon, 19 Oct 2015 12:13:03 -0400
References: <1445267389-21846-1-git-send-email-berrange@redhat.com>
	<1445267389-21846-2-git-send-email-berrange@redhat.com>
	<562509E0.7060608@redhat.com> <20151019152408.GC17892@redhat.com>
	<56250ED8.2000406@redhat.com> <20151019154627.GD17892@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <56251685.9050806@redhat.com>
Date: Mon, 19 Oct 2015 18:12:53 +0200
MIME-Version: 1.0
In-Reply-To: <20151019154627.GD17892@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH 01/17] crypto: add QCryptoSecret object
 class for password/key handling
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Ronnie Sahlberg <ronniesahlberg@gmail.com>, qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>, qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>



On 19/10/2015 17:46, Daniel P. Berrange wrote:
>> > The difference is that guest-file-read/write have the payload in JSON;
>> > for file-based secrets the payload is not JSON.
> For non-file based secrets though, the payload *is* in the JSON,
> and per the cover letter, I actually anticipate passing all
> secrets inline in the JSON and only using the file backend for
> loading the initial master key. This avoids the need to do
> file handle passing and/or create lots of temporary files, when
> hotplugging resources.
> 
> > So I think that "binary" (which is the default anyway) would fit all the
> > usecases (direct over JSON, file-based, direct over command line).
> > Direct over JSON would be limited to valid UTF-8, but that's just a
> > limitation of the transport.
> 
> I don't think that's actually an acceptable limitation - I want the
> inline data passing to be fully usable for non-UTF-8 data too.

Of course, there's base64 for that.  On the other hand, I think there's
no reason for unencoded file-based data passing to be usable for UTF-8
data only.

Paolo