[PATCH 12/18] nvme-fabrics: parse options 'keyring' and 'tls_key'
Sagi Grimberg
sagi at grimberg.me
Mon Apr 3 05:24:04 PDT 2023
>>> Parse the fabrics options 'keyring' and 'tls_key' and store the
>>> referenced keys in the options structure.
>>
>> Can you explain the reasoning as to why a user needs to pass a keyring
>> given that we already set up one?
>>
> Choice.
> With a single keyring we can only have a single identity.
> But there might be configurations where we want to have different PSKs
> for the same identity (eg for key rotation).

How do you expect that rotation would work with this?
How does nvmet handle a non-nvme keyring?

> With this option we can prepare a new keyring, and use that instead of
> the old one.

On an existing controller?

> (And it really doesn't add much complexity...)

I know, it just adds one more argument, and I want to understand if it
is really needed.