Re: [libvirt] [Nbd] [Qemu-devel] spec, RFC: TLS support for NBDµ
Hi,
On Thu, Oct 30, 2014 at 10:40:56AM +0000, Stefan Hajnoczi wrote:
On Sat, Oct 25, 2014 at 12:43:35PM +0200, Wouter Verhelst wrote:
> I haven't seen a reply to this anymore. Do people still have comments?
> I'm planning on doing a release of nbd later this weekend, and would
> like to include this (not the TLS implementation yet, but at least the
> spec)
Hi Wouter,
From https://github.com/yoe/nbd/blob/tlsspec/doc/proto.txt:
* NBD_OPT_STARTTLS (5)
The client wishes to initiate TLS. XXX Data.
Is there text missing for "XXX Data"?
Ah, ehm, oops. Yes :-)
That was meant to be a reminder that I hadn't given that any thought
yet. The idea was that maybe we could use the "data" field in the
STARTTLS message to send something to initiate the TLS communication. If
the server rejects TLS, then that data is lost, but otherwise it might
be useful.
OTOH, it could be too complicated to implement.
Also, I suggest at least developing a prototype before releasing the
specification changes. Issues that were unknown ahead of time might be
discovered during development.
Yeah, that's fair enough.
Why the rush to release specification changes?
Not really a rush, I just thought it might be useful. But I suppose
you're right.
Note that I'm not likely to be implementing this "soon". I haven't got
much time right now, and it would be my first time to implement
something which uses TLS; so I would need to do some research in that
area first.
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26