[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCHv9] Improve documentation for TLS

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCHv9] Improve documentation for TLS
Date: Tue, 12 Apr 2016 09:15:47 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1

On 04/12/2016 07:27 AM, Alex Bligh wrote:
> * Call out TLS into a separate section
> * Add details of the TLS protocol itself
> * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can
>   be initiated from either side (as required by the TLS standard I believe
>   and as actually works in practice)
> * Clarify what is a requirement on servers, and what is a requirement on
>   clients, separately, specifying their behaviour in a single place
>   in the document.
> * Document the three possible modes of operation of a server.
> * Add text defining what 'terminate the session' means during
>   negotiation, and when it is available.
> Signed-off-by: Alex Bligh <address@hidden>
> ---

> +#### SELECTIVETLS mode
> +

> +
> +There is a degenerate case of SELECTIVETLS where all
> +exports are TLS-only. This is permitted in part to make programming
> +of servers easier. Operation is a little different from FORCEDTLS,
> +as the client is not forced to upgrade to TLS prior to any options
> +being processed, and the server MAY choose to give information on
> +non-existent exports via NBD_OPT_INFO exports prior to an upgrade

s/exports prior/responses/

> +to TLS.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]