From: Eric Blake
Date: Tue, 12 Apr 2016 09:15:47 -0600
Subject: Re: [Qemu-devel] [PATCHv9] Improve documentation for TLS
To: Alex Bligh, "nbd-general@lists.sourceforge.net"
Cc: Wouter Verhelst, "Daniel P. Berrange", "qemu-devel@nongnu.org"
Message-ID: <570D1123.9000101@redhat.com>
In-Reply-To: <1460467659-2208-1-git-send-email-alex@alex.org.uk>

On 04/12/2016 07:27 AM, Alex Bligh wrote:
> * Call out TLS into a separate section
>
> * Add details of the TLS protocol itself
>
> * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can
>   be initiated from either side (as required by the TLS standard I believe
>   and as actually works in practice)
>
> * Clarify what is a requirement on servers, and what is a requirement on
>   clients, separately, specifying their behaviour in a single place
>   in the document.
>
> * Document the three possible modes of operation of a server.
>
> * Add text defining what 'terminate the session' means during
>   negotiation, and when it is available.
>
> Signed-off-by: Alex Bligh
> ---
> +#### SELECTIVETLS mode
> +
> +
> +There is a degenerate case of SELECTIVETLS where all
> +exports are TLS-only. This is permitted in part to make programming
> +of servers easier. Operation is a little different from FORCEDTLS,
> +as the client is not forced to upgrade to TLS prior to any options
> +being processed, and the server MAY choose to give information on
> +non-existent exports via NBD_OPT_INFO exports prior to an upgrade

s/exports prior/responses/

> +to TLS.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
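
Review bot: The last sentence of the SELECTIVETLS hunk, where "the server MAY choose to give information on non-existent exports via NBD_OPT_INFO" before an upgrade to TLS, does not say whether that pre-TLS reply may differ from the reply given for an existing TLS-only export. If it may differ, a client that has not upgraded can tell which export names exist, even though the paragraph describes the case where all exports are TLS-only. Suggest stating either that the two replies should be indistinguishable before the upgrade, or that this disclosure is accepted in this mode. The same sentence also repeats "exports" after NBD_OPT_INFO and should be reworded so it is clear what is sent before the upgrade.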