Re: [libvirt] [Qemu-devel] spec, RFC: TLS support for NBDµ
For me...
On 10/21/14, 1:30 PM, "Wouter Verhelst" <w(a)uter.be> wrote:
Hi Markus,
On Tue, Oct 21, 2014 at 10:17:17AM +0200, Markus Armbruster wrote:
>
>
> Misunderstanding. I didn't mean to claim "STARTTLS is bad". If I
> wanted to say that, I would've said it directly. I was merely asking
> how you plan to guard against downgrade attacks. I gather your advice
> is to make the client (QEMU) insist on TLS, and check the server's
> certificate. Correct?
My advice is to give both client and server the ability to have TLS
switched on or off, and possibly (but not necessarily so, and certainly
not by default) also the _ability_ to negotiate TLS if the other side
supports it, while not aborting if it doesn't.
As long as there is a way to request a secure connection, without
possibility to failover to a non-secure connection, nor negotiate anything
short of what was requested. In other words, do this or do not; there is
no try.
If I am reading the above paragraph accurately, that scenario could be
configured, right?