Especially useful in light of the recent publishing of
https://nostarttls.secvuln.info/, which documents a variety of
implementations vulnerable to downgrade attacks in SMTP and IMAP, as
well as its caution that any protocol with a STARTTLS operation
(which includes NBD) needs to be aware of the potential downgrade
attacks.
The NBD protocol documentation already covers what is necessary to
avoid the effects of a downgrade attack, and all known implementations
of NBD servers and clients with working NBD_OPT_STARTTLS have at least
one mode where TLS is mandatory rather than opportunistic. So I don't
see this as a CVE against the NBD protocol itself, so much as a worry
about the potential for future poor implementations that disregard the
documentation.
---
I'm likely to push this to the NBD spec later this week if it doesn't
receive any reviews beforehand.
doc/uri.md | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/doc/uri.md b/doc/uri.md
index 925ad4b..28aa94d 100644
--- a/doc/uri.md
+++ b/doc/uri.md
@@ -73,6 +73,12 @@ One of the following scheme names SHOULD be used to indicate an NBD
URI:
Other URI scheme names MAY be used but not all NBD clients will
understand them or even recognize that they refer to NBD.
+Note that using opportunistically encrypted connections (via the `nbd`
+or `nbd+unix` scheme) risks a protocol downgrade attack; whereas
+requests for a secure connection (via the `nbds` or `nbds+unix`
+scheme) MUST use TLS to connect. For more details, see
+<https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md#security-considerations>
+
## NBD URI authority
The authority field SHOULD be used for TCP/IP connections and SHOULD
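Review bot: the new paragraph says `nbds`/`nbds+unix` MUST use TLS, but it never states the failure behaviour that actually defeats a downgrade: a client handed an `nbds` URI has to abort when the server rejects NBD_OPT_STARTTLS or the TLS handshake does not complete, rather than carrying on in plaintext. Consider spelling that out, e.g. "MUST use TLS to connect, and MUST fail the connection rather than proceed unencrypted if TLS cannot be negotiated." Minor style points in the same lines: the semicolon before "whereas" splits one sentence awkwardly (a comma reads better), and the trailing URL line ends without a period.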
--
2.31.1
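As an added illustration of the client-side rule the cover letter and the new `uri.md` paragraph describe (example code written here, not part of the nbd project or its reference implementation): the URI scheme decides whether TLS is mandatory, and a client given an `nbds`/`nbds+unix` URI refuses to fall back to plaintext when the server rejects NBD_OPT_STARTTLS, while an `nbd`/`nbd+unix` URI tolerates the refusal. The server's reply is modelled as a plain boolean, an assumption standing in for real option-reply parsing.

```python
"""Pick a TLS policy from an NBD URI and enforce it at STARTTLS time.

Added example; not code from the nbd project. The negotiation is
simulated: ``server_accepts_starttls`` stands in for parsing the real
reply to NBD_OPT_STARTTLS.
"""
from urllib.parse import urlparse

# Scheme -> is TLS mandatory? (nbds* = required, nbd* = opportunistic)
TLS_REQUIRED = {
    "nbd": False,
    "nbd+unix": False,
    "nbds": True,
    "nbds+unix": True,
}


class DowngradeError(Exception):
    """Raised when a TLS-required connection would have to continue in plaintext."""


def tls_policy(uri: str) -> str:
    """Return 'required' or 'opportunistic' for a recognised NBD URI scheme.

    Unknown schemes raise ValueError rather than being treated as NBD.
    """
    scheme = urlparse(uri).scheme.lower()
    if scheme not in TLS_REQUIRED:
        raise ValueError(f"not an NBD URI scheme: {scheme!r}")
    return "required" if TLS_REQUIRED[scheme] else "opportunistic"


def negotiate(uri: str, server_accepts_starttls: bool) -> str:
    """Decide the transport after the client has sent NBD_OPT_STARTTLS.

    Returns 'tls' or 'plaintext'. For a required-TLS scheme a refusal
    (or, in a real client, a failed handshake) aborts the connection
    instead of silently downgrading; that abort is the downgrade defence.
    """
    policy = tls_policy(uri)
    if server_accepts_starttls:
        return "tls"
    if policy == "required":
        raise DowngradeError(
            f"{uri}: server refused STARTTLS; aborting rather than using plaintext"
        )
    # Opportunistic scheme: plaintext is permitted, but an attacker on the
    # path could have forced this outcome, so a real client should log it.
    return "plaintext"


if __name__ == "__main__":
    # Constructed sample URIs; example.invalid is a reserved placeholder host.
    for uri, accepted in [
        ("nbd://example.invalid/export", False),
        ("nbds+unix:///export?socket=/tmp/nbd.sock", True),
        ("nbds://example.invalid/export", False),
    ]:
        try:
            print(uri, "->", negotiate(uri, accepted))
        except DowngradeError as exc:
            print("refused:", exc)
```

The policy lookup is deliberately separate from the negotiation step so that a client library can report the intended policy to the user before any bytes are exchanged; the only place plaintext is ever returned is the opportunistic branch.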