[Libvir] Register libvirtd ports with IANA ?

Daniel P. Berrange berrange at redhat.com
Mon Jun 18 12:27:37 UTC 2007


On Mon, Jun 18, 2007 at 12:09:33PM +0100, Richard W.M. Jones wrote:
> Daniel P. Berrange wrote:
> >For the libvirtd we currently use two ports
> >
> >  16509  - TCP unencrypted stream
> >  16514  - TLS encrypted stream
> >
> >My first thought is that we should really use consecutive port numbers
> >eg 16510 and 16511.
> 
> A few comments ...
> 
> We don't need to use two ports if we either use a "STARTTLS"-style 
> upgrading of unencrypted to encrypted connections (which is the 
> recommended way to do things instead of using two ports), or more simply 
> we just ditch unencrypted connections.  They're disabled by default 
> anyway and not in any way required unless we want libvirt to build 
> without GnuTLS.

The TCP stuff would be useful if you made it listen on 127.0.0.1 and were
using SSH to connect to libvirt remotely. So since the client side has
SSH tunnelling support we probably ought to keep the plain TCP server, since
you don't want to be tunnelling TLS over SSH :-)

> No one got my ZX81 joke, obviously ...

What's a ZX81 ;-P

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
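
A check for the setup described in the message above (plain TCP on 127.0.0.1, reached over SSH), as an added example that is not part of the original post or libvirt's own code: it parses `ss -ltn` output and reports any listener on the unencrypted port 16509 that is not bound to a loopback address. The sample output and the function names are constructed for illustration.

```python
import ipaddress

PLAIN_TCP_PORT = 16509  # unencrypted stream, per the thread
TLS_PORT = 16514        # TLS encrypted stream, per the thread (not flagged)

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:16509     0.0.0.0:*
LISTEN 0      128    0.0.0.0:16514       0.0.0.0:*
LISTEN 0      128    [::]:16509          [::]:*
LISTEN 0      128    [::1]:16509         [::]:*
LISTEN 0      128    *:22                *:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
        yield host, int(port)

def is_loopback(host):
    """True only for a literal loopback address; wildcards are not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" or anything unparsable is treated as exposed
        return False

def exposed_plaintext(ss_output):
    """Return plain-TCP libvirtd listeners reachable from off-host."""
    return [(h, p) for h, p in parse_listeners(ss_output)
            if p == PLAIN_TCP_PORT and not is_loopback(h)]

if __name__ == "__main__":
    for host, port in exposed_plaintext(SAMPLE_SS):
        print(f"plain TCP libvirtd listener not on loopback: {host}:{port}")
```

On a live host, pass the text of `ss -ltn` to `exposed_plaintext()` in place of the constructed sample.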



