TLS PSK for client authentication

To: nbd@other.debian.org
Subject: TLS PSK for client authentication
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 25 Jun 2018 14:26:48 +0100
Message-id: <[🔎] 20180625132648.GA2631@redhat.com>

TLS PSK is a standardized variant of TLS which allows clients to
authenticate using Pre-Shared Keys.  It is considerably simpler than
setting up X.509 certificates.  I've worked on an implementation of
TLS PSK for nbdkit (server), and I'm working on implementations for
qemu (client) and qemu-nbd (server) too.

As far as I know this doesn't affect or change the NBD protocol.  The
NBD protocol document -- rightly -- says that authentication is left
up to the implementation.

However I thought it might be interesting to people here.

Rich.

PS. There is also TLS SRP for secure password authentication, although
that is problematic because of patents affecting some countries.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top

Reply to:

Follow-Ups:
- Re: TLS PSK for client authentication
  - From: "Richard W.M. Jones" <rjones@redhat.com>

Prev by Date: Re: [PATCH] nbd: set discard_alignment to the granularity
Next by Date: Re: TLS PSK for client authentication
Previous by thread: Re: [PATCH] nbd: set discard_alignment to the granularity
Next by thread: Re: TLS PSK for client authentication
Index(es):
- Date
- Thread