Re: [PATCH for discussion] doc: Define a standard URI syntax for NBD URIs.
I intended to write a cover letter, got distracted while sending it
and forgot ...

Anyway I was going to say:

- There's no way to specify abstract Unix domain sockets. Should
  there be? I'm not aware of any server that supports them. Luckily
  the common approach of using `@` at the beginning should work:
  https://unix.stackexchange.com/questions/206386/what-does-the-symbol-denote-in-the-beginning-of-a-unix-domain-socket-path-in-l

- As Wouter already picked up in his review, should we allow a
  default Unix domain socket? The corollary to this is: Should we
  make the authority mandatory for TCP/IP sockets? Are there
  sensible defaults for the authority (localhost:10809 probably).

- I notice that proto.md has a text symlink (proto.txt). Would we
  need one for url.txt -> url.md?

Wouter Verhelst wrote:

> Should we perhaps also add query parameters for certificate-based
> authentication?

I think yes, although it could get complicated to define them all.
qemu's NBD client needs a directory name, which contains certificates
with particular names (see Dan's second example here:
https://www.berrange.com/posts/2016/04/05/improving-qemu-security-part-5-tls-support-for-nbd-server-client/
). If we were to specify every file by name then it would require
probably 3 or 4 extra parameters (CA cert, client cert, client private
key file, and optionally revocation list).

For TLS-PSK it only needs the path to the PSK key file. The username
is already provided in the userinfo authority field.

We might also consider a tls type parameter to switch between X.509
certs, PSK and anon.

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
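
Added example, not part of the original message or of any NBD project's code: a sketch of how a client could resolve such a URI to connection settings, covering the `@` abstract-socket prefix, the localhost:10809 default and the three TLS types raised in the message above. The scheme names (`nbd`, `nbd+unix`) and every query parameter name (`socket`, `tls`, `tls-ca`, `tls-cert`, `tls-key`, `tls-crl`, `tls-psk-file`) are hypothetical; the thread does not fix any of them.

```python
from urllib.parse import urlsplit, parse_qs

# Defaults floated in the message for a missing TCP authority.
DEFAULT_HOST, DEFAULT_PORT = "localhost", 10809
# Hypothetical parameter names; the thread has not settled on any.
X509_REQUIRED = ("tls-ca", "tls-cert", "tls-key")  # "tls-crl" is optional


def resolve_nbd_uri(uri):
    """Resolve an NBD URI to connection settings; raise ValueError if unusable."""
    u = urlsplit(uri)
    if u.scheme not in ("nbd", "nbd+unix"):  # assumed scheme names
        raise ValueError(f"unsupported scheme {u.scheme!r}")
    q = {k: v[-1] for k, v in parse_qs(u.query).items()}
    out = {"export": u.path.lstrip("/"), "user": u.username}

    if u.scheme == "nbd+unix":
        sock = q.get("socket")  # assumed parameter carrying the socket path
        if not sock:
            raise ValueError("no default Unix domain socket is assumed")
        # A leading '@' marks a Linux abstract socket, whose real address
        # starts with a NUL byte instead.
        out["address"] = "\0" + sock[1:] if sock.startswith("@") else sock
    else:
        out["address"] = (u.hostname or DEFAULT_HOST, u.port or DEFAULT_PORT)

    tls = q.get("tls", "none")
    if tls == "x509":
        # Refuse to connect with a partial certificate set.
        missing = [k for k in X509_REQUIRED if k not in q]
        if missing:
            raise ValueError("x509 needs " + ", ".join(missing))
        out["tls"] = {"type": tls, "crl": q.get("tls-crl"),
                      **{k: q[k] for k in X509_REQUIRED}}
    elif tls == "psk":
        # The PSK identity comes from the userinfo field, the key from a file.
        if not u.username or "tls-psk-file" not in q:
            raise ValueError("psk needs a username and tls-psk-file")
        out["tls"] = {"type": tls, "identity": u.username,
                      "psk-file": q["tls-psk-file"]}
    elif tls in ("anon", "none"):
        out["tls"] = {"type": tls}
    else:
        raise ValueError(f"unknown tls type {tls!r}")
    return out
```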