
Re: [Libvir] Register libvirtd ports with IANA ?



Daniel P. Berrange wrote:
> On Mon, Jun 18, 2007 at 12:09:33PM +0100, Richard W.M. Jones wrote:
>> Daniel P. Berrange wrote:
>>> For the libvirtd we currently use two ports
>>>
>>>  16509  - TCP unencrypted stream
>>>  16514  - TLS encrypted stream
>>>
>>> My first thought is that we should really use consecutive port numbers
>>> e.g. 16510 and 16511.
>>
>> A few comments ...
>>
>> We don't need to use two ports if we either use a "STARTTLS"-style upgrading of unencrypted to encrypted connections (which is the recommended way to do things instead of using two ports), or more simply we just ditch unencrypted connections. They're disabled by default anyway and not in any way required unless we want libvirt to build without GnuTLS.
>
> The TCP stuff would be useful if you made it listen on 127.0.0.1 and were
> using SSH to connect to libvirt remotely. So since the client side has
> SSH tunnelling support we probably ought to keep the plain TCP server, since
> you don't want to be tunnelling TLS over SSH :-)

Why's that any more useful than the current ssh method, which uses Unix domain sockets?

Rich.

--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom.  Registered in
England and Wales under Company Registration No. 03798903
