[Libvir] Register libvirtd ports with IANA ?
Richard W.M. Jones
rjones at redhat.com
Mon Jun 18 12:32:29 UTC 2007
Daniel P. Berrange wrote:
> On Mon, Jun 18, 2007 at 12:09:33PM +0100, Richard W.M. Jones wrote:
>> Daniel P. Berrange wrote:
>>> For the libvirtd we currently use two ports
>>>
>>> 16509 - TCP unencrypted stream
>>> 16514 - TLS encrypted stream
>>>
>>> My first thought is that we should really use consecutive port numbers
>>> eg 16510 and 16511.
>> A few comments ...
>>
>> We don't need to use two ports if we either use a "STARTTLS"-style
>> upgrading of unencrypted to encrypted connections (which is the
>> recommended way to do things instead of using two ports), or more simply
>> we just ditch unencrypted connections. They're disabled by default
>> anyway and not in any way required unless we want libvirt to build
>> without GnuTLS.
>
> The TCP stuff would be useful if you made it listen on 127.0.0.1 and were
> using SSH to connect to libvirt remotely. So since the client side has
> SSH tunnelling support we probably ought to keep the plain TCP server, since
> you don't want to be tunnelling TLS over SSH :-)
Why's that any more useful than the current ssh method, which uses Unix
domain sockets?
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903