Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-09 Thread Paolo Bonzini
On 08/10/2014 20:16, Wouter Verhelst wrote: > @@ -242,10 +242,13 @@ Option types > * NBD_OPT_EXPORT_NAME (1) >Choose the export which the client would like to use, and end option >haggling. Data: name of the export, free-form UTF8 text (subject to >limitations by server implementa

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-08 Thread Wouter Verhelst
On Thu, Oct 02, 2014 at 03:50:57PM +0200, Wouter Verhelst wrote: > On Thu, Oct 02, 2014 at 01:00:04PM +0200, Paolo Bonzini wrote: > > On 01/10/2014 22:23, Wouter Verhelst wrote: > > > Hi, > > > > > > On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: > > >> Tunneling the entire

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-02 Thread Wouter Verhelst
On Thu, Oct 02, 2014 at 01:00:04PM +0200, Paolo Bonzini wrote: > On 01/10/2014 22:23, Wouter Verhelst wrote: > > Hi, > > > > On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: > >> Tunneling the entire protocol inside an SSL connection doesn't fix that; > >> if an attacker is ab

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-02 Thread Paolo Bonzini
On 02/10/2014 13:05, Daniel P. Berrange wrote: > On Wed, Oct 01, 2014 at 10:23:26PM +0200, Wouter Verhelst wrote: >> Hi, >> >> On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: >>> Tunneling the entire protocol inside an SSL connection doesn't fix that; >>> if an attacker is abl

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-02 Thread Daniel P. Berrange
On Wed, Oct 01, 2014 at 10:23:26PM +0200, Wouter Verhelst wrote: > Hi, > > On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: > > Tunneling the entire protocol inside an SSL connection doesn't fix that; > > if an attacker is able to hijack your TCP connections and change flags, > > t

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-02 Thread Paolo Bonzini
On 01/10/2014 22:23, Wouter Verhelst wrote: > Hi, > > On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: >> Tunneling the entire protocol inside an SSL connection doesn't fix that; >> if an attacker is able to hijack your TCP connections and change flags, >> then this attacker i

Re: [Qemu-devel] NBD TLS support in QEMU

2014-10-01 Thread Wouter Verhelst
Hi, On Fri, Sep 05, 2014 at 03:26:09PM +0200, Wouter Verhelst wrote: > Tunneling the entire protocol inside an SSL connection doesn't fix that; > if an attacker is able to hijack your TCP connections and change flags, > then this attacker is also able to hijack your TCP connection and > redirect i

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Wouter Verhelst
On Fri, Sep 05, 2014 at 12:54:45AM +0200, Benoît Canet wrote: > On Friday 05 Sep 2014 at 00:07:04 (+0200), Wouter Verhelst wrote: > > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote: > > > Prenegotiating TLS looks like we will accidentally introduce some security > > > hole. > > I was

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Wouter Verhelst
On Fri, Sep 05, 2014 at 09:46:18AM +0100, Hani Benhabiles wrote: > On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > > Hi, > > QEMU offers both NBD client and server functionality. The NBD protocol > > runs unencrypted, which is a problem when the client and server > > communicate

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Wouter Verhelst
On Fri, Sep 05, 2014 at 09:13:26AM +0100, Daniel P. Berrange wrote: > On Fri, Sep 05, 2014 at 12:02:18AM +0200, Wouter Verhelst wrote: > > [Cc: to nbd-general list added] > > > > On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > > > Hi, > > > QEMU offers both NBD client and server

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Stefan Hajnoczi
On Fri, Sep 05, 2014 at 09:46:18AM +0100, Hani Benhabiles wrote: > On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > Also, some means of verification is required (otherwise, back to point 0 being > vulnerable to sslstrip style attacks) either that the server's cert is signed > with a

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Stefan Hajnoczi
On Fri, Sep 05, 2014 at 12:02:18AM +0200, Wouter Verhelst wrote: > [Cc: to nbd-general list added] > > On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > > Besides QEMU, the userspace NBD tools (http://nbd.sf.net/) can also be > > extended to support TLS. In this case the kernel n

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Stefan Hajnoczi
On Fri, Sep 05, 2014 at 12:54:45AM +0200, Benoît Canet wrote: > On Friday 05 Sep 2014 at 00:07:04 (+0200), Wouter Verhelst wrote: > > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote: > > > On Wednesday 03 Sep 2014 at 17:44:17 (+0100), Stefan Hajnoczi wrote: > > > > Hi, > > > > QEMU o

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Hani Benhabiles
On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > Hi, > QEMU offers both NBD client and server functionality. The NBD protocol > runs unencrypted, which is a problem when the client and server > communicate over an untrusted network. > > The particular use case that prompted this

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-05 Thread Daniel P. Berrange
On Fri, Sep 05, 2014 at 12:02:18AM +0200, Wouter Verhelst wrote: > [Cc: to nbd-general list added] > > On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > > Hi, > > QEMU offers both NBD client and server functionality. The NBD protocol > > runs unencrypted, which is a problem when

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-04 Thread Benoît Canet
On Friday 05 Sep 2014 at 00:07:04 (+0200), Wouter Verhelst wrote: > On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote: > > On Wednesday 03 Sep 2014 at 17:44:17 (+0100), Stefan Hajnoczi wrote: > > > Hi, > > > QEMU offers both NBD client and server functionality. The NBD protocol > > >

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-04 Thread Wouter Verhelst
On Thu, Sep 04, 2014 at 04:19:17PM +0200, Benoît Canet wrote: > On Wednesday 03 Sep 2014 at 17:44:17 (+0100), Stefan Hajnoczi wrote: > > Hi, > > QEMU offers both NBD client and server functionality. The NBD protocol > > runs unencrypted, which is a problem when the client and server > > communica

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-04 Thread Wouter Verhelst
[Cc: to nbd-general list added] On Wed, Sep 03, 2014 at 05:44:17PM +0100, Stefan Hajnoczi wrote: > Hi, > QEMU offers both NBD client and server functionality. The NBD protocol > runs unencrypted, which is a problem when the client and server > communicate over an untrusted network. > > The parti

Re: [Qemu-devel] NBD TLS support in QEMU

2014-09-04 Thread Benoît Canet
On Wednesday 03 Sep 2014 at 17:44:17 (+0100), Stefan Hajnoczi wrote: > Hi, > QEMU offers both NBD client and server functionality. The NBD protocol > runs unencrypted, which is a problem when the client and server > communicate over an untrusted network. > > The particular use case that prompted

[Qemu-devel] NBD TLS support in QEMU

2014-09-03 Thread Stefan Hajnoczi
Hi, QEMU offers both NBD client and server functionality. The NBD protocol runs unencrypted, which is a problem when the client and server communicate over an untrusted network. The particular use case that prompted this mail is storage migration in OpenStack. The goal is to encrypt the NBD conn