
For me... On 10/21/14, 1:30 PM, "Wouter Verhelst" <w@uter.be> wrote:
Hi Markus,
On Tue, Oct 21, 2014 at 10:17:17AM +0200, Markus Armbruster wrote:
Misunderstanding. I didn't mean to claim "STARTTLS is bad". If I wanted to say that, I would've said it directly. I was merely asking how you plan to guard against downgrade attacks. I gather your advice is to make the client (QEMU) insist on TLS, and check the server's certificate. Correct?
My advice is to give both client and server the ability to have TLS switched on or off, and possibly (but not necessarily so, and certainly not by default) also the _ability_ to negotiate TLS if the other side supports it, while not aborting if it doesn't.
As long as there is a way to request a secure connection, without the possibility to fail over to a non-secure connection, nor negotiate anything short of what was requested. In other words, do this or do not; there is no try. If I am reading the above paragraph accurately, that scenario could be configured, right?
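The three policies discussed in this thread (TLS off, TLS required with no fallback, and optional negotiation), written out as a decision function. This is an added example, not code from QEMU, nbd or any participant in the thread; all names are hypothetical, and the treatment of a failed certificate check in the optional mode is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names; not QEMU's or nbd's API. */
enum tls_mode { TLS_OFF, TLS_OPPORTUNISTIC, TLS_REQUIRED };
enum outcome { CONN_PLAINTEXT, CONN_TLS, CONN_ABORT };

/*
 * Decide what one endpoint does, given its configured policy and what it
 * observes. peer_offers_tls is only what arrived on the wire: before TLS
 * is up, an on-path attacker can suppress the peer's offer.
 */
enum outcome tls_decide(enum tls_mode local, bool peer_offers_tls, bool cert_ok)
{
    switch (local) {
    case TLS_OFF:
        return CONN_PLAINTEXT;
    case TLS_REQUIRED:
        /* Do or do not: no fallback, and the certificate must verify. */
        return (peer_offers_tls && cert_ok) ? CONN_TLS : CONN_ABORT;
    case TLS_OPPORTUNISTIC:
        if (!peer_offers_tls)
            return CONN_PLAINTEXT; /* the downgrade path */
        /* Assumption: a failed certificate check aborts, no fallback. */
        return cert_ok ? CONN_TLS : CONN_ABORT;
    }
    return CONN_ABORT; /* unknown policy value: fail closed */
}

const char *outcome_name(enum outcome o)
{
    static const char *const names[] = { "plaintext", "TLS", "abort" };
    return names[o];
}

int main(void)
{
    static const char *const modes[] = { "off", "opportunistic", "required" };
    /* Constructed observations: {peer_offers_tls, cert_ok}. */
    static const bool seen[][2] = { {true, true}, {false, false}, {true, false} };
    static const char *const label[] = { "honest peer", "offer stripped", "bad cert" };

    for (int m = TLS_OFF; m <= TLS_REQUIRED; m++)
        for (int s = 0; s < 3; s++)
            printf("%-13s %-14s -> %s\n", modes[m], label[s],
                   outcome_name(tls_decide((enum tls_mode)m, seen[s][0], seen[s][1])));
    return 0;
}
```

Only the required mode turns a suppressed TLS offer into an aborted connection; the optional mode continues in plaintext, which is why it should not be the default.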