Re: [Nbd] NBD_OPT_GO
- To: Alex Bligh <alex@...872...>
- Cc: "nbd-general@lists.sourceforge.net" <nbd-general@lists.sourceforge.net>
- Subject: Re: [Nbd] NBD_OPT_GO
- From: Wouter Verhelst <w@...112...>
- Date: Tue, 5 Apr 2016 19:17:13 +0200
- Message-id: <20160405171713.GB31392@...3...>
- In-reply-to: <4FCD1D5B-6F3F-4EC7-8412-0E806518E0EB@...872...>
- References: <BCE061F2-C16D-44E7-865A-4BB0A7C85088@...2364...> <5703C25F.6080303@...696...> <C329E25D-B352-471C-B348-82EC7C5EDCE1@...2364...> <5703D708.9080605@...696...> <C7AACE89-CBCD-4CC7-ACA7-C360D8BD3E75@...2364...> <5703DE26.2090707@...696...> <4FCD1D5B-6F3F-4EC7-8412-0E806518E0EB@...872...>
On Tue, Apr 05, 2016 at 04:56:28PM +0100, Alex Bligh wrote:
> What I presumed was the reason was that the client could try
> selecting disk 'foo' prior to the TLS, but a man-in-the-middle
> could (whilst cleverly hijacking the TCP session) change this
> to a select of disk 'bar' (which might be his own and laden
> with malware).
That was (more or less) the idea, yes. Data sent over the wire in the
clear should *not* be able to poison an encrypted connection later on,
even if it is done in the same TCP session.
I don't think it makes sense for a server to *refuse* to serve something
over TLS if it *is* willing to export the same in the clear (the reverse
does make sense). If we were going to do that, we would also require
something to negotiate our way out of TLS, anyway, and I don't want to
do that.
Dropping the side effects of SELECT (and renaming that to INFO), as I
suggested in my other mail, will fix this problem. I'll need to rename
the extension too then, of course :-)
[...]
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Reply to: