Consider a SELECTIVETLS server and a MitM attacker, under the
following NBD_OPT_ handshake scenario:

    client:         mitm:                   server:
    _STARTTLS
                    _STRUCTURED_REPLY
                                            < _REP_ACK
                    _STARTTLS
                                            < _REP_ACK
                    < _REP_ACK
    _GO
                    _GO
                                            < _REP_ACK
                    < _REP_ACK
    NBD_CMD_READ

In this scenario, the client is NOT expecting structured replies from
the server, but if the server feels obligated to send them based on
the plaintext negotiation, it may confuse the client. The MitM
attacker was thus able to corrupt the connection, even without having
any encryption keys. The only sane approach is to forbid ALL stateful
negotiations from having any effect post-encryption (the MitM's
injected packet is effectively ignored, and the client proceeds
without structured replies).

Unfortunately, nbdkit 1.26.0 is buggy in this regard - a CVE will be
opened against that product. nbd-server does not yet understand
NBD_OPT_STRUCTURED_REPLY, and qemu as server does not use SELECTIVETLS
mode, so they are immune.
---
doc/proto.md | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/doc/proto.md b/doc/proto.md
index de4a7d7..9dd59da 100644
--- a/doc/proto.md
+++ b/doc/proto.md
@@ -1166,12 +1166,11 @@ of the newstyle negotiation.
the client included data).
When this command succeeds, the server MUST NOT preserve any
- per-export state (such as metadata contexts from
- `NBD_OPT_SET_META_CONTEXT`) issued before this command. The
- server MAY preserve global state such as a client request for
- `NBD_OPT_STRUCTURED_REPLY`; however, a client SHOULD defer
- stateful option requests until after it determines whether
- encryption is available.
+ negotiation state (such as a request for
+ `NBD_OPT_STRUCTURED_REPLY`, or metadata contexts from
+ `NBD_OPT_SET_META_CONTEXT`) issued before this command. A client
+ SHOULD defer all stateful option requests until after it
+ determines whether encryption is available.
See the section on TLS above for further details.
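Review bot: the parenthetical in the new "negotiation state (such as a request for `NBD_OPT_STRUCTURED_REPLY`, or metadata contexts from `NBD_OPT_SET_META_CONTEXT`)" gives two examples of a category the paragraph never defines, so an implementer cannot tell from this text which other options count as stateful. Consider stating the rule by effect, for example that after a successful `NBD_OPT_STARTTLS` the server MUST behave as if no earlier stateful option had been received. The client half is still only "SHOULD defer all stateful option requests", so it is worth saying explicitly that the server-side MUST NOT is what protects a client that never sent the option itself.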
@@ -1317,6 +1316,10 @@ of the newstyle negotiation.
client MUST NOT make use of those extensions without first
enabling the `NBD_OPT_STRUCTURED_REPLY` extension.
+ If the client requests `NBD_OPT_STARTTLS` after this option, it
+ MUST renegotiate structured replies and any other dependent
+ extensions that it desires to use.
+
* `NBD_OPT_LIST_META_CONTEXT` (9)
Return a list of `NBD_REP_META_CONTEXT` replies, one per context,
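Review bot: the renegotiation MUST in the added paragraph appears only under `NBD_OPT_STRUCTURED_REPLY`, while the first hunk also names `NBD_OPT_SET_META_CONTEXT` as state that is dropped, so a reader of that option's section alone will not see the requirement. Suggest either repeating the sentence under `NBD_OPT_SET_META_CONTEXT` or stating it once in the TLS section for all stateful options. "after this option" is also loose about ordering; "after this option has been acknowledged" would pin it down.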
--
2.31.1
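
The state reset this patch specifies, modelled as an added example (not code from nbd, nbdkit or this patch): a model server replays the option sequence it sees in the commit message's scenario, with and without discarding pre-STARTTLS state. The `conn` struct, the function names and the `reset_on_tls` switch are assumptions for illustration; the option numbers are those of the NBD protocol document.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Option numbers from the NBD protocol document. */
enum { NBD_OPT_STARTTLS = 5, NBD_OPT_GO = 7,
       NBD_OPT_STRUCTURED_REPLY = 8, NBD_OPT_SET_META_CONTEXT = 10 };
struct conn {               /* hypothetical model-server state */
    bool tls;               /* TLS layer established */
    bool structured_reply;  /* NBD_OPT_STRUCTURED_REPLY acknowledged */
    int  meta_contexts;     /* contexts set via NBD_OPT_SET_META_CONTEXT */
    bool transmission;      /* NBD_OPT_GO succeeded */
};

/* Apply one acknowledged option. reset_on_tls == false keeps plaintext
 * state across STARTTLS (the bug); true discards it (patched wording). */
static void handle_option(struct conn *c, int opt, bool reset_on_tls)
{
    switch (opt) {
    case NBD_OPT_STRUCTURED_REPLY: c->structured_reply = true; break;
    case NBD_OPT_SET_META_CONTEXT: c->meta_contexts++; break;
    case NBD_OPT_GO:               c->transmission = true; break;
    case NBD_OPT_STARTTLS:
        c->tls = true;
        if (reset_on_tls) {
            c->structured_reply = false;
            c->meta_contexts = 0;
        }
        break;
    }
}

/* Replay the options the server sees (constructed trace: the injected
 * option, then the client's own); true means structured replies to READ. */
static bool server_uses_structured_replies(bool reset_on_tls)
{
    static const int seen[] = { NBD_OPT_STRUCTURED_REPLY,
                                NBD_OPT_STARTTLS, NBD_OPT_GO };
    struct conn c = { 0 };
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++)
        handle_option(&c, seen[i], reset_on_tls);
    return c.tls && c.transmission && c.structured_reply;
}

int main(void)
{
    printf("state kept:  %d\n", server_uses_structured_replies(false));
    printf("state reset: %d\n", server_uses_structured_replies(true));
    return 0;
}
```

With state kept, the server would answer the client's `NBD_CMD_READ` with structured replies the client never negotiated; with the reset, the injected option has no effect.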