Hi,
On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote:
Tunneling the entire protocol inside an SSL connection doesn't
fix that;
if an attacker is able to hijack your TCP connections and change flags,
then this attacker is also able to hijack your TCP connection and
redirect it to a decrypting/encrypting proxy.
I agree that preventing a possible SSL downgrade attack (and other forms
of MITM) should be high on the priority list, but "tunnel the whole
thing in SSL" doesn't do that.
So, having given this some thought, I wanted to come up with a spec just
so that we had something we could all agree on. As part of that, I had a
look at qemu-nbd, and noticed that it uses the "oldstyle" handshake
protocol (on port 10809 by default -- ew, please don't do that).
I had to change the protocol incompatibly a few years back, because the
oldstyle protocol is broken by design; in the oldstyle negotiation
protocol, the server dumps all information it has on the export to the
client, and then moves on to the data negotiation phase, without waiting
for any reply from the client. This means the oldstyle protocol can't be
used for any sort of negotiation[1].
As such, I strongly suggest that qemu-nbd move to the newstyle protocol.
This would also allow you to use named exports and various other things,
and would allow negotiation of TLS or SASL in a clean and proper way.
[1] That sole issue is the reason I broke backwards compatibility with
the newstyle handshake protocol, and is also why I reserved 10809,
the port assigned to nbd by IANA at my request, to be for newstyle
handshakes only.
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26