Re: [Qemu-devel] NBD TLS support in QEMU

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] NBD TLS support in QEMU

From:	Wouter Verhelst
Subject:	Re: [Qemu-devel] NBD TLS support in QEMU
Date:	Fri, 5 Sep 2014 00:07:04 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > Hi,
> > QEMU offers both NBD client and server functionality.  The NBD protocol
> > runs unencrypted, which is a problem when the client and server
> > communicate over an untrusted network.
> > 
> > The particular use case that prompted this mail is storage migration in
> > OpenStack.  The goal is to encrypt the NBD connection between source and
> > destination hosts during storage migration.
> 
> I agree this would be usefull.
> 
> > 
> > I think we can integrate TLS into the NBD protocol as an optional flag.
> > A quick web search does not reveal existing open source SSL/TLS NBD
> > implementations.  I do see a VMware NBDSSL protocol but there is no
> > specification so I guess it is proprietary.
> > 
> > The NBD protocol starts with a negotiation phase.  This would be the
> > appropriate place to indicate that TLS will be used.  After client and
> > server complete TLS setup the connection can continue as normal.
> 
> Prenegociating TLS look like we will accidentaly introduce some security hole.

Can you elaborate on that? How would it be a security hole?

> Why not just using a dedicated port and let the TLS handshake happen normaly ?

Because STARTTLS(-like) protocols are much cleaner; no need to open two
firewall ports. Also, when I made the request for a port number at IANA,
I was told I wouldn't get another port for a "secure" variant -- which
makes sense. As such, if the reference implementation is ever going to
support TLS, it has to be in a way where it is negotiated at setup time.

SMTP can do this safely. So can LDAP. I'm sure we can come up with a
safe way of negotiating TLS.

If you want to disallow nonencrypted communication, I'm sure it can be
made possible to require TLS for (some of) your exports.

(my objections on userspace/kernelspace issues still stand, however)

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] NBD TLS support in QEMU, Stefan Hajnoczi, 2014/09/03
- Re: [Qemu-devel] NBD TLS support in QEMU, Benoît Canet, 2014/09/04
  - Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, Daniel P. Berrange, 2014/09/04
    - Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, Benoît Canet, 2014/09/04
    - Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, Stefan Hajnoczi, 2014/09/04
    - Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, John Snow, 2014/09/04
  - Re: [Qemu-devel] NBD TLS support in QEMU, Wouter Verhelst <=
    - Re: [Qemu-devel] NBD TLS support in QEMU, Benoît Canet, 2014/09/04
    - Re: [Qemu-devel] NBD TLS support in QEMU, Stefan Hajnoczi, 2014/09/05
    - Re: [Qemu-devel] NBD TLS support in QEMU, Wouter Verhelst, 2014/09/05
- Re: [Qemu-devel] NBD TLS support in QEMU, Wouter Verhelst, 2014/09/04
  - Re: [Qemu-devel] NBD TLS support in QEMU, Daniel P. Berrange, 2014/09/05
    - Re: [Qemu-devel] NBD TLS support in QEMU, Wouter Verhelst, 2014/09/05
  - Re: [Qemu-devel] NBD TLS support in QEMU, Stefan Hajnoczi, 2014/09/05
- Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, Michal Privoznik, 2014/09/05
  - Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU, Daniel P. Berrange, 2014/09/05
- Re: [Qemu-devel] NBD TLS support in QEMU, Hani Benhabiles, 2014/09/05

Prev by Date: Re: [Qemu-devel] NBD TLS support in QEMU
Next by Date: Re: [Qemu-devel] [Qemu-ppc] [PULL 00/52] ppc patch queue 2014-09-04
Previous by thread: Re: [Qemu-devel] [libvirt] NBD TLS support in QEMU
Next by thread: Re: [Qemu-devel] NBD TLS support in QEMU
Index(es):
- Date
- Thread