Re: [Qemu-devel] [PATCHv9] Improve documentation for TLS
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCHv9] Improve documentation for TLS
Date: Tue, 12 Apr 2016 09:15:47 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.1

On 04/12/2016 07:27 AM, Alex Bligh wrote:
> * Call out TLS into a separate section
>
> * Add details of the TLS protocol itself
>
> * Emphasise that actual TLS session initiation (i.e. the TLS handshake) can
> be initiated from either side (as required by the TLS standard I believe
> and as actually works in practice)
>
> * Clarify what is a requirement on servers, and what is a requirement on
> clients, separately, specifying their behaviour in a single place
> in the document.
>
> * Document the three possible modes of operation of a server.
>
> * Add text defining what 'terminate the session' means during
> negotiation, and when it is available.
>
> Signed-off-by: Alex Bligh <address@hidden>
> ---
> +#### SELECTIVETLS mode
> +
> +
> +There is a degenerate case of SELECTIVETLS where all
> +exports are TLS-only. This is permitted in part to make programming
> +of servers easier. Operation is a little different from FORCEDTLS,
> +as the client is not forced to upgrade to TLS prior to any options
> +being processed, and the server MAY choose to give information on
> +non-existent exports via NBD_OPT_INFO exports prior to an upgrade
s/exports prior/responses/
> +to TLS.
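Review bot: The sentence permitting the server to "give information on non-existent exports via NBD_OPT_INFO" before the upgrade does not say what a client that has not upgraded sees for an export that does exist but is TLS-only. If the two replies differ, such a client can tell which export names exist, so the paragraph should either require the pre-upgrade replies to be indistinguishable or state explicitly that revealing this is accepted in SELECTIVETLS mode. As a style point, the heading is followed by two blank lines where one would do.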
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org