Re: [Nbd] [PATCH] Improve documentation for TLS
On Thu, Apr 07, 2016 at 08:31:23AM -0600, Eric Blake wrote:
> > +The FORCEDTLS mode of operation has an implementation problem in
> > +that the client MAY legally simply send a `NBD_OPT_EXPORT_NAME`
> > +to enter transmission mode without previously sending any options.
> > +Therefore, if a server uses FORCEDTLS, it SHOULD implement the
> > +INFO extension.
>
> I'd go one step further:
>
> If a server uses FORCEDTLS, it MUST implement the
> NBD_FLAG_FIXED_NEWSTYLE flag, and SHOULD implement the INFO extension.
Yes.
> That way, a client can send ANY option to learn if TLS is required (even
> an option that the server does not recognize); where NBD_OPT_INFO and
> NBD_OPT_LIST are probably the two most useful options, but where ANY
> option works. A server with TLS but not FIXED_NEWSTYLE is pointless
Actually, such a server is technically impossible ;-)
> (since TLS was introduced at the same time as fixed newstyle,
Eh. I don't know where you got that idea, but that's absolutely not
true. Fixed newstyle was introduced five years ago, TLS was introduced
last year or so.
> we can reasonably require, rather than just suggest, that both things
> be implemented at once to be a compliant FORCEDTLS server).
We have to make fixed newstyle a dependency of any form of tls, but
nothing more seems appropriate.
("fixed newstyle" is necessary for *anything* that is not
NBD_OPT_EXPORT_NAME)
[...]
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Reply to: