From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: Spice project is now open
Date: Mon, 14 Dec 2009 09:46:47 -0600
User-agent: Thunderbird 2.0.0.23 (X11/20090825)

Avi Kivity wrote:
> On 12/14/2009 05:17 PM, Daniel P. Berrange wrote:
>>> Yes - need to pass the encryption state. Hopefully the crypto stacks support this.
>> There's no mechanism for this in the SASL libraries. With GNUTLS there is the ability to preserve negotiated session state from one TLS connection and use it upon opening the next connection to fast-track the handshake phase. This doesn't allow you to pass the state for an existing connection to a new process though and have it carry on
> This sucks. But we can ask the client to reauthenticate.

Or instead of passing the socket file descriptor, pass over a socketpair and encrypt the traffic in the server. The encryption requires no knowledge of the protocol so it can be done easily enough in the server.
You're already paying the cost for copying the data. Adding in one copy shouldn't be the end of the world.
Regards, Anthony Liguori
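
Added example, not part of the original message and not QEMU or Spice code: a minimal C sketch of the socketpair relay proposed above, in which the server keeps the client-facing connection and all session state while the worker process only ever sees plaintext on its end of a socketpair. Assumptions: `record_xform`, `relay`, `worker` and `demo_roundtrip` are hypothetical names, the XOR transform is a placeholder for the negotiated TLS/SASL record layer and is not cryptography, and the worker inherits its socketpair end across `fork()`.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Placeholder for the session's record layer (assumption): reversible XOR, NOT crypto. */
static void record_xform(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] ^= 0x5a;
}

/* Server relay step: read from src, transform, write to dst (the one extra copy). */
static ssize_t relay(int src, int dst) {
    unsigned char buf[4096];
    ssize_t n = read(src, buf, sizeof buf);
    if (n <= 0) return n;
    record_xform(buf, (size_t)n);
    return write(dst, buf, (size_t)n);
}

/* Worker process: holds no session state, sees plaintext only, upper-cases it. */
static void worker(int fd) {
    char buf[256];
    ssize_t n = read(fd, buf, sizeof buf);
    for (ssize_t i = 0; i < n; i++)
        if (buf[i] >= 'a' && buf[i] <= 'z') buf[i] -= 32;
    _exit(n > 0 && write(fd, buf, (size_t)n) == n ? 0 : 1);
}

/* One request/reply over client <-wire-> server <-plain-> worker; returns reply length or -1. */
ssize_t demo_roundtrip(const char *msg, char *reply, size_t cap) {
    int wire[2], plain[2], status = 0;
    unsigned char out[256]; size_t len = strlen(msg);
    if (len == 0 || len > sizeof out || cap == 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, wire) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, plain) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(wire[0]); close(wire[1]); close(plain[0]); worker(plain[1]); }
    close(plain[1]);                       /* server keeps wire[1] and plain[0] */
    memcpy(out, msg, len); record_xform(out, len);  /* client encodes its request */
    int ok = write(wire[0], out, len) == (ssize_t)len
          && relay(wire[1], plain[0]) > 0  /* wire -> worker: decode */
          && relay(plain[0], wire[1]) > 0; /* worker -> wire: encode */
    ssize_t n = ok ? read(wire[0], reply, cap - 1) : -1;
    if (n > 0) { record_xform((unsigned char *)reply, (size_t)n); reply[n] = '\0'; }
    close(wire[0]); close(wire[1]); close(plain[0]);
    waitpid(pid, &status, 0);
    return (n > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? n : -1;
}
```

The worker closes its inherited copies of the wire descriptors before doing anything else, so the encrypted connection and its state stay confined to the server process.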