On Tue, Oct 21, 2014 at 10:35:06AM +0100, Daniel P. Berrange wrote:
> On Tue, Oct 21, 2014 at 12:10:39AM +0200, Wouter Verhelst wrote:
> > On Mon, Oct 20, 2014 at 01:56:43PM +0200, Florian Weimer wrote:
> > > I cannot comment on whether the proposed STARTTLS command is at the
> > > correct
> > > s
On Tue, Oct 21, 2014 at 12:10:39AM +0200, Wouter Verhelst wrote:
> On Mon, Oct 20, 2014 at 01:56:43PM +0200, Florian Weimer wrote:
> > I cannot comment on whether the proposed STARTTLS command is at the correct
> > stage of the NBD protocol. If there is a protocol description for NBD, I
> > can ha
On Mon, Oct 20, 2014 at 01:56:43PM +0200, Florian Weimer wrote:
> I cannot comment on whether the proposed STARTTLS command is at the correct
> stage of the NBD protocol. If there is a protocol description for NBD, I
> can have a look.
To make this discussion in that regard a bit easier, I've com
On Mon, Oct 20, 2014 at 01:56:43PM +0200, Florian Weimer wrote:
> On 10/20/2014 01:51 PM, Markus Armbruster wrote:
> >Furthermore, STARTTLS is vulnerable to active attacks: if you can get
> >between the peers, you can make them fall back to unencrypted silently.
> >How do you plan to guard against
On 10/20/2014 01:51 PM, Markus Armbruster wrote:
Furthermore, STARTTLS is vulnerable to active attacks: if you can get
between the peers, you can make them fall back to unencrypted silently.
How do you plan to guard against that?
The usual way to deal with this is to use different syntax for
T
On Mon, Oct 20, 2014 at 01:51:43PM +0200, Markus Armbruster wrote:
> Stefan Hajnoczi writes:
>
> > On Mon, Oct 20, 2014 at 08:58:14AM +0100, Daniel P. Berrange wrote:
> >> On Sat, Oct 18, 2014 at 07:33:22AM +0100, Richard W.M. Jones wrote:
> >> > On Sat, Oct 18, 2014 at 12:03:23AM +0200, Wouter V
Stefan Hajnoczi writes:
> On Mon, Oct 20, 2014 at 08:58:14AM +0100, Daniel P. Berrange wrote:
>> On Sat, Oct 18, 2014 at 07:33:22AM +0100, Richard W.M. Jones wrote:
>> > On Sat, Oct 18, 2014 at 12:03:23AM +0200, Wouter Verhelst wrote:
>> > > Hi all,
>> > >
>> > > (added rjones from nbdkit fame -
On Mon, Oct 20, 2014 at 08:58:14AM +0100, Daniel P. Berrange wrote:
> On Sat, Oct 18, 2014 at 07:33:22AM +0100, Richard W.M. Jones wrote:
> > On Sat, Oct 18, 2014 at 12:03:23AM +0200, Wouter Verhelst wrote:
> > > Hi all,
> > >
> > > (added rjones from nbdkit fame -- hi there)
> >
> > [I'm happy t
On Sat, Oct 18, 2014 at 07:33:22AM +0100, Richard W.M. Jones wrote:
> On Sat, Oct 18, 2014 at 12:03:23AM +0200, Wouter Verhelst wrote:
> > Hi all,
> >
> > (added rjones from nbdkit fame -- hi there)
>
> [I'm happy to implement whatever you come up with, but I've added
> Florian Weimer to CC who i
On Sat, Oct 18, 2014 at 12:03:23AM +0200, Wouter Verhelst wrote:
> Hi all,
>
> (added rjones from nbdkit fame -- hi there)
[I'm happy to implement whatever you come up with, but I've added
Florian Weimer to CC who is part of Red Hat's product security group]
> So I think the following would make
Hi all,
(added rjones from nbdkit fame -- hi there)
So I think the following would make sense to allow TLS in NBD.
This would extend the newstyle negotiation by adding two options (i.e.,
client requests), one server reply, and one server error as well as
extend one existing reply, in the followi
11 matches
Mail list logo
