Yep, agreed on the Blueprint: here we go: https://blueprints.launchpad.net/nova/+spec/support-qemu-native-tls-for-live-migration
But a small comment: naming it as "Wishlist" can be misleading; probably you didn't intend it that way, and are just doing the necessary "bug metadata work". Because migrating disks over an encrypted channel is a strong requirement for many IT Orgs. FWIW, quoting from DanPB's RFC[*] on qemu-devel (from Feb 2015):
"We have a broad goal in OpenStack that every network channel in use
must have encryption and authentication capabilities. Currently all
the communication channels between the end user and the cloud
infrastructure edge servers are secured, but internally a number of
the cloud infrastructure components are unsecured. For example, we
recommend to tunnel migration via libvirt, though that excludes use
of the NBD for block migration since libvirt can't currently tunnel
that. [...]
"Essentially the project considers that it is no longer sufficient
to consider the private management LAN (on which the cloud
infrastructure is deployed) to be fully trusted; it must be
considered hostile."
[*] https://lists.gnu.org/archive/html/qemu-devel/2015-02/msg00529.html