[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] Improve documentation for TLS

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] Improve documentation for TLS
Date: Thu, 7 Apr 2016 08:33:49 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1

On 04/07/2016 05:51 AM, Daniel P. Berrange wrote:

>> +
>> +There are four modes of operation for a server. The
>> +server MUST support one of these modes.
>> +
>> +* The server operates entirely without TLS ('NOTLS'); OR
>> +
>> +* The server makes TLS available (for all exports) and
>> +  it is available at the option of the client ('OPTIONALTLS'); OR
>> +
>> +* The server insists upon TLS, and forces the client to
>> +  upgrade by erroring any NBD options other than `NBD_OPT_STARTTLS`
>> +  with `NBD_REP_ERR_TLS_REQD` ('FORCEDTLS'); this in practice means
>> +  that all option negotiation (apart from the `NBD_OPT_STARTTLS`
>> +  itself) is carried out with TLS; OR
>> +
>> +* The server provides TLS, and it is mandatory on zero or more
>> +  exports, and is available at the client's option on all
>> +  other exports ('SELECTIVETLS'). The server does not force
>> +  the client to upgrade to TLS during option haggling (as
>> +  if the client ultimately chose a non-TLS-only export,
>> +  stopping TLS is not possible). Instead it permits the client
>> +  to upgrade as and when it chooses, but unless an upgrade to
>> +  TLS has already taken place, the server errors attempts
>> +  to enter transmission mode on TLS-only exports, MAY
>> +  refuse to provide information about TLS-only exports
>> +  via `NBD_OPT_INFO`, and MAY refuse to provide information
>> +  about non-existent exports via `NBD_OPT_INFO`.
> IMHO, we should not permit what you call OPTIONALTLS or SELECTIVETLS,
> because these open possibilities for a MITM to perform downgrade
> attacks, where the MITM runs TLS to the real server, but runs no-TLS
> to the real client.

On a safe interface (like loopback) where there cannot be a MitM attack,
they still make sense.  I think the protocol should discourage, but not
forbid, their use (and I think the followup mail does this, by
documenting pitfalls of downgrade attacks).

> Both the QEMU NBD server and NBD clients only implement FORCEDTLS.

which is fine. You don't have to implement all four server modes to be
compliant to the protocol, implementing just one is okay.

> ie you tell the client to use TLS and it will refuse to talk to a
> server which doesn't support TLS, and you tell the server to use
> TLS and it will refuse to talk to a client which does not request
> Regards,
> Daniel

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]