TLS PSK for client authentication

TLS PSK is a standardized variant of TLS which allows clients to
authenticate using Pre-Shared Keys. It is considerably simpler than
setting up X.509 certificates. I've worked on an implementation of
TLS PSK for nbdkit (server), and I'm working on implementations for
qemu (client) and qemu-nbd (server) too.

As far as I know this doesn't affect or change the NBD protocol. The
NBD protocol document -- rightly -- says that authentication is left
up to the implementation.

However I thought it might be interesting to people here.

PS. There is also TLS SRP for secure password authentication, although
that is problematic because of patents affecting some countries.

Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com