
Re: [Qemu-devel] Re: Spice project is now open


From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: Spice project is now open
Date: Mon, 14 Dec 2009 09:46:47 -0600
User-agent: Thunderbird 2.0.0.23 (X11/20090825)

Avi Kivity wrote:
> On 12/14/2009 05:17 PM, Daniel P. Berrange wrote:
>>> Yes - need to pass the encryption state.  Hopefully the crypto stacks
>>> support this.
>>
>> There's no mechanism for this in the SASL libraries. With GNUTLS there is
>> the ability to preserve negotiated session state from one TLS connection
>> and use it upon opening the next connection to fast-track the handshake
>> phase. This doesn't allow you to pass the state for an existing connection
>> to a new process though and have it carry on.
>
> This sucks.  But we can ask the client to reauthenticate.

Or instead of passing the socket file descriptor, pass over a socketpair and encrypt the traffic in the server. The encryption requires no knowledge of the protocol so it can be done easily enough in the server.

You're already paying the cost for copying the data. Adding in one copy shouldn't be the end of the world.

Regards,

Anthony Liguori
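
The socketpair approach suggested in this message, as an added example (not code from the thread, QEMU, or Spice): the server keeps the protected connection and its session state, and the second process only ever receives one end of a plaintext socketpair. Assumptions: the names `Session`, `serve` and `demo` are hypothetical, and an HMAC-framed integrity layer stands in for the TLS/SASL layer so the example runs offline with the standard library.

```python
import hmac, os, socket, struct, threading

MAX_FRAME = 1 << 20  # cap on length prefixes accepted from the network

def recv_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) < n:
        raise EOFError("peer closed")
    return buf

class Session:  # negotiated state (key, counters); never leaves the server process
    def __init__(self, key, is_server):
        self.key, self.tx, self.rx = key, 0, 0
        self.me, self.peer = (b"S", b"C") if is_server else (b"C", b"S")
    def _tag(self, who, seq, data):
        return hmac.new(self.key, who + struct.pack("!Q", seq) + data, "sha256").digest()
    def wrap(self, data):
        self.tx += 1
        return struct.pack("!I", len(data)) + data + self._tag(self.me, self.tx, data)
    def unwrap_from(self, sock):
        (n,) = struct.unpack("!I", recv_exact(sock, 4))
        if n > MAX_FRAME:
            raise ValueError("frame too large")
        data, tag = recv_exact(sock, n), recv_exact(sock, 32)
        self.rx += 1
        if not hmac.compare_digest(tag, self._tag(self.peer, self.rx, data)):
            raise ValueError("bad tag")
        return data

def serve(protected, session):  # runs in the server; returns the helper's plaintext end
    inner, helper_end = socket.socketpair()
    def inbound():  # network -> helper: verify, strip framing, forward
        try:
            while True:
                inner.sendall(session.unwrap_from(protected))
        except (EOFError, ValueError, OSError):
            inner.shutdown(socket.SHUT_WR)  # helper sees EOF, never unverified bytes
    def outbound():  # helper -> network: protect whatever the helper writes
        while data := inner.recv(65536):
            protected.sendall(session.wrap(data))
    for fn in (inbound, outbound):
        threading.Thread(target=fn, daemon=True).start()
    return helper_end

def demo():  # constructed run: a socketpair stands in for the TCP connection
    key, (client_net, server_net) = os.urandom(32), socket.socketpair()
    client, helper = Session(key, False), serve(server_net, Session(key, True))
    client_net.sendall(client.wrap(b"ping"))
    helper.sendall(recv_exact(helper, 4).upper())  # helper handles plaintext only
    return client.unwrap_from(client_net)  # b"PING"
```

The relay treats the helper's traffic as opaque bytes, so it needs no knowledge of the display protocol; the cost is the extra copy through the server mentioned in the message.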




