qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] NBD TLS support in QEMU

From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] NBD TLS support in QEMU
Date: Fri, 5 Sep 2014 13:15:06 +0100
User-agent: Mutt/1.5.23 (2014-03-12) 
On Fri, Sep 05, 2014 at 12:54:45AM +0200, Benoît Canet wrote:
> The Friday 05 Sep 2014 à 00:07:04 (+0200), Wouter Verhelst wrote :
> > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote:
> > > The Wednesday 03 Sep 2014 à 17:44:17 (+0100), Stefan Hajnoczi wrote :
> > > > Hi,
> > > > QEMU offers both NBD client and server functionality.  The NBD protocol
> > > > runs unencrypted, which is a problem when the client and server
> > > > communicate over an untrusted network.
> > > > 
> > > > The particular use case that prompted this mail is storage migration in
> > > > OpenStack.  The goal is to encrypt the NBD connection between source and
> > > > destination hosts during storage migration.
> > > 
> > > I agree this would be usefull.
> > > 
> > > > 
> > > > I think we can integrate TLS into the NBD protocol as an optional flag.
> > > > A quick web search does not reveal existing open source SSL/TLS NBD
> > > > implementations.  I do see a VMware NBDSSL protocol but there is no
> > > > specification so I guess it is proprietary.
> > > > 
> > > > The NBD protocol starts with a negotiation phase.  This would be the
> > > > appropriate place to indicate that TLS will be used.  After client and
> > > > server complete TLS setup the connection can continue as normal.
> > > 
> > > Prenegociating TLS look like we will accidentaly introduce some security 
> > > hole.
> 
> I was thinking of the fallback to cleartext case.

If the server or client were given a nbds:// URL then don't allow
downgrading to unencrypted.  I think we can implement this without a
security hole.

Stefan

Attachment: pgpGhLpaiySme.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]