On Fri, Sep 05, 2014 at 12:54:45AM +0200, Benoît Canet wrote:
The Friday 05 Sep 2014 à 00:07:04 (+0200), Wouter Verhelst wrote :
On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
Hi, QEMU offers both NBD client and server functionality. The NBD protocol runs unencrypted, which is a problem when the client and server communicate over an untrusted network.
The particular use case that prompted this mail is storage migration in OpenStack. The goal is to encrypt the NBD connection between source and destination hosts during storage migration.
I agree this would be usefull.
I think we can integrate TLS into the NBD protocol as an optional flag. A quick web search does not reveal existing open source SSL/TLS NBD implementations. I do see a VMware NBDSSL protocol but there is no specification so I guess it is proprietary.
The NBD protocol starts with a negotiation phase. This would be the appropriate place to indicate that TLS will be used. After client and server complete TLS setup the connection can continue as normal.
Prenegociating TLS look like we will accidentaly introduce some security hole.
I was thinking of the fallback to cleartext case.
If the server or client were given a nbds:// URL then don't allow downgrading to unencrypted. I think we can implement this without a security hole. Stefan