[Libguestfs] [PATCH] docs: Link to protocol security considerations in uri docs

Eric Blake eblake at redhat.com
Tue Aug 10 18:08:59 UTC 2021

Especially useful in light of the recent publishing of
https://nostarttls.secvuln.info/, which documents a variety of
implementations vulnerable to downgrade attacks in SMTP and IMAP, as
well as its caution that any protocol with a STARTTLS operation
(which includes NBD) needs to be aware of the potential downgrade

The NBD protocol documentation already covers what is necessary to
avoid the effects of a downgrade attack, and all known implementations
of NBD servers and clients with working NBD_OPT_STARTTLS have at least
one mode where TLS is mandatory rather than opportunistic.  So I don't
see this as a CVE against the NBD protocol itself, so much as a worry
about the potential for future poor implementations that disregard the

I'm likely to push this to the NBD spec later this week if it doesn't
receive any reviews beforehand.

 doc/uri.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/uri.md b/doc/uri.md
index 925ad4b..28aa94d 100644
--- a/doc/uri.md
+++ b/doc/uri.md
@@ -73,6 +73,12 @@ One of the following scheme names SHOULD be used to indicate an NBD URI:
 Other URI scheme names MAY be used but not all NBD clients will
 understand them or even recognize that they refer to NBD.

+Note that using opportunistically encrypted connections (via the `nbd`
+or `nbd+unix` scheme) risks a protocol downgrade attack; whereas
+requests for a secure connection (via the `nbds` or `nbds+unix`
+scheme) MUST use TLS to connect.  For more details, see
 ## NBD URI authority

 The authority field SHOULD be used for TCP/IP connections and SHOULD
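
Review bot: The added paragraph's last sentence, "For more details, see", has no reference target in the lines shown, and the "## NBD URI authority" heading follows it directly with no blank line, while the diffstat and hunk header both count 6 insertions and only four added lines are visible. Please confirm that the patch as applied carries the link to the protocol security considerations named in the subject, plus a blank separator line before the heading. As a wording point in the first added sentence, "attack; whereas" reads better as "attack, whereas", since the clause after it cannot stand alone.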

