From: Eric Blake
Date: Thu, 7 Apr 2016 09:35:37 -0600
Subject: Re: [Qemu-devel] [PATCH] Improve documentation for TLS
To: Alex Bligh, "Daniel P. Berrange"
Cc: "nbd-general@lists.sourceforge.net", Wouter Verhelst, "qemu-devel@nongnu.org"
Message-ID: <57067E49.8010608@redhat.com>
In-Reply-To: <97F7DE7A-30CA-49C0-8122-51B3FD71B7E3@alex.org.uk>

On 04/07/2016 06:36 AM, Alex Bligh wrote:
>
> On 7 Apr 2016, at 13:13, Alex Bligh wrote:
>
>> I guess it's worth documenting
>> this, though I thought it was obvious.
>
> The next version will have this section:
>
> ### Downgrade attacks
>
> A danger inherent in any scheme relying on the negotiation

too much space

> of whether TLS should be employed is downgrade attacks.
>
> There are two main dangers:
>
> * A Man-in-the-Middle (MitM) hijacks a session and impersonates
>   the server (possibly by proxying it) claiming not to support
>   TLS. In this manner, the client is confused into operating
>   in a plain-text manner with the MitM (with the session possibly
>   being proxied in plain-text to the server using the method
>   below).

looks like too much space is a problem in general in this rough draft;
I'll quit pointing it out and assume you will reflow before final
submission.

>
> * The MitM hijacks a session and impersonates the client
>   (possibly by proxying it) claiming not to support TLS. In
>   this manner the server is confused into oeprating in a plain-text

s/oeprating/operating/

>   manner with the MitM (with the session being possibly
>   proxied to the server with the method above).

s/server/client/

>
> With regard to the first, any client that does not wish
> to be subject to potential downgrade attack SHOULD ensure
> that if a TLS endpoint is specified by the client, it
> ensures that TLS is negotiated prior to sending or
> requesting sensitive data. To recap, yhe client MAY send

s/yhe/the/

> `NBD_OPT_STARTTLS` at any point during option haggling,
> and MAY disconnect the session if `NBD_REP_ACK` is not
> provided.

Probably want to add: "but the client SHOULD strongly consider sending
`NBD_OPT_STARTTLS` as its first option"

>
> With regard to the second, any server that does not wish
> to be subject to a potential downgrade attack SHOULD either
> used FORCEDTLS mode, or should force TLS on those exports
> it is concerned about using SELECTIVE mode and TLS-only
> exports. It is not possible to avoid downgrade attacks
> on exports which are may be served either via TLS or
> in plain text.

Probably want to add: "OPTIONALTLS mode SHOULD NOT be used if there is a
potential for man-in-the-middle attacks"

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
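
The client-side rule discussed in this message (send `NBD_OPT_STARTTLS`, and disconnect rather than fall back when `NBD_REP_ACK` does not come back), as an added example that is not part of the original email and is not NBD or QEMU project code. The wire constants are taken from the published NBD protocol document rather than from this thread; `tls_configured`, the `tls_decision` enum and `decide_for` are hypothetical names, and the reply headers are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>

/* Wire constants as published in the NBD protocol document. */
#define NBD_IHAVEOPT_MAGIC  0x49484156454F5054ULL /* "IHAVEOPT" */
#define NBD_OPT_REPLY_MAGIC 0x0003E889045565A9ULL
#define NBD_OPT_STARTTLS    5u
#define NBD_REP_ACK         1u
#define NBD_REP_ERR_UNSUP   0x80000001u

enum tls_decision { TLS_PROCEED, PLAINTEXT_ALLOWED, ABORT_DOWNGRADE, ABORT_MALFORMED };

static void put_be(uint8_t *p, uint64_t v, int n) {
    for (int i = n - 1; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}
static uint64_t get_be(const uint8_t *p, int n) {
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Build the 16-byte NBD_OPT_STARTTLS request: magic, option, zero length. */
size_t build_starttls(uint8_t out[16]) {
    put_be(out, NBD_IHAVEOPT_MAGIC, 8);
    put_be(out + 8, NBD_OPT_STARTTLS, 4);
    put_be(out + 12, 0, 4);
    return 16;
}

/* Classify the 20-byte option reply header. tls_configured is a hypothetical
 * local setting: nonzero when the user specified a TLS endpoint. */
enum tls_decision check_starttls_reply(const uint8_t *h, size_t len, int tls_configured) {
    if (len < 20 || get_be(h, 8) != NBD_OPT_REPLY_MAGIC ||
        get_be(h + 8, 4) != NBD_OPT_STARTTLS)
        return ABORT_MALFORMED;
    if (get_be(h + 12, 4) == NBD_REP_ACK)  /* ACK carries no payload */
        return get_be(h + 16, 4) == 0 ? TLS_PROCEED : ABORT_MALFORMED;
    /* Any refusal arrives unauthenticated, so a MitM could have forged it:
     * a client configured for TLS disconnects instead of falling back. */
    return tls_configured ? ABORT_DOWNGRADE : PLAINTEXT_ALLOWED;
}

/* Constructed sample: a reply header of the given type, run through the check. */
enum tls_decision decide_for(uint32_t reply_type, int tls_configured) {
    uint8_t h[20];
    put_be(h, NBD_OPT_REPLY_MAGIC, 8);
    put_be(h + 8, NBD_OPT_STARTTLS, 4);
    put_be(h + 12, reply_type, 4);
    put_be(h + 16, 0, 4);
    return check_starttls_reply(h, sizeof h, tls_configured);
}
```

Only `TLS_PROCEED` should be followed by the TLS handshake and further option haggling; on `ABORT_DOWNGRADE` the client closes the connection without sending any export name or data.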