[Gen-art] Gen-art LC review of draft-ietf-nfsv4-rpcsec-gssv3-13

Elwyn Davies <elwynd@dial.pipex.com> Thu, 10 December 2015 19:48 UTC

Return-Path: <elwynd@dial.pipex.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 8C6631B29F0; Thu, 10 Dec 2015 11:48:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id GxyRAl-1Tlcz; Thu, 10 Dec 2015 11:48:48 -0800 (PST)
Received: from b.painless.aa.net.uk (b.painless.aa.net.uk [IPv6:2001:8b0:0:30:5054:ff:fe5e:1643]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC7C11B29EE; Thu, 10 Dec 2015 11:48:42 -0800 (PST)
Received: from brdgfw.folly.org.uk ([] helo=[]) by b.painless.aa.net.uk with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77) (envelope-from <elwynd@dial.pipex.com>) id 1a77Ch-0007Ei-Rl; Thu, 10 Dec 2015 19:48:39 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
To: General area reviewing team <gen-art@ietf.org>
Message-ID: <5669D711.9050401@dial.pipex.com>
Date: Thu, 10 Dec 2015 19:48:33 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/aEpZIySLRDUGK9yK6h89Xk-BQqg>
Cc: draft-ietf-nfsv4-rpcsec-gssv3.all@ietf.org
Subject: [Gen-art] Gen-art LC review of draft-ietf-nfsv4-rpcsec-gssv3-13
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2015 19:48:51 -0000

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-nfsv4-rpcsec-gssv3-13.txt
Reviewer: Elwyn Davies
Review Date: 2015-12-09
IETF LC End Date: 2015-12-09
IESG Telechat date: (if known) -

Summary: Almost Ready.  There are a couple of minor issues that just 
poke above the editorial/nits level.  The downref issue probably needs 
to be solved by incorporating the relevant descriptions from the 
requirements doc (RFC 7204) into the NFS v4.2 draft and using that as 
the reference - the relevant information is indeed needed by 
implementers to understand what is going on in this protocol and in 
NFSv4.2 and referring back to the requirements RFC is probably not a 
good way to go as the requirements may be neither complete nor fully 
implemented, making the reference potentially unreliable.

Major issues:

Minor issues:
s1, para 5 and s6.2:  idnits points out that RFC 2401 has been obsoleted 
by RFC 4301.  I suspect that RFC 4301 could be referenced instead.

s1.1, first bullet and last para:   ... both refer to RFC 7204 which is 
given as a normative reference.  This is a downref to an informational 
document.  I observe that (probably) the same material is referred to in 
[NFSv4.2] although there it is given as informational.  My personal view 
is that it would be better to extract the relevant info from RFC 7204 
and add it into [NFSv4.2] which is already referenced normatively in 
this draft.    Requiring implementers to plough through the requirements 
(no section pointers are given) that may or may not have been executed 
in the standards seems undesirable.

s2.1 and s2.5: s2.5 states that 'RPCSEC_GSS_BIND_CHANNEL MUST NOT be 
used on RPCSEC_GSS version 3 handles'.  This is rather more constraining 
than the term 'deprecated' used in s2.1.  It would seem that:
- s2.1 ought to say that RPCSEC_GSS_BIND_CHANNEL is *not supported* when 
version 3 is in use.
- s2.5 ought to specify how the target should respond if a client 
requests a RPCSEC_GSS_BIND_CHANNEL operation on a v3  handle.

s2.6/s5: New auth_stat values are managed by IANA (on a first come first 
served basis) [Better get your request in now if you want these 
numbers!]  See 
and RFC 5531.  The request should be documented in s5.

Nits/editorial comments:
Abstract: s/to server/to a server/

s1, para 3: s/A major motivation for RPCSEC_GSSv3/A major motivation for 
version 3 of RPCSEC_GSS (RPCSEC_GSSv3)/ (This expansion is currently 
done later on in s1.1).

s1, para 3: s/i.e. /i.e.,  /

s1, para 5: s/ Labeled NFS (see Section 8 of [NFSv4.2])/ Labeled NFS 
(see Section 9 of [NFSv4.2]) (referring to -39)  It might be worth 
noting explicitly that 'full-mode' is defined in s9.6.1 of [NFSv4.2]

s1, para 5: MAC needs to be expanded (at least on account of the 
multiple possible expansions!)  Presumably this should be 'Mandatory 
Access Control (MAC) systems (as defined in [RFC4949])' (quoting 
RFC7204, section 1).

s1, para 6: s/server-side copy (see Section 3.4.1 of 
[NFSv4.2])/server-side copy (see Section 4 of [NFSv4.2])/

s1, para 7: It might be worth explicitly mentioning s9 of [AFS-RXGK] 
that introduces cache poisoning issues.

s1.1: According to s2.7.1.2, the channel binding feature is OPTIONAL to 
implement for servers.  It would be useful to note this in s1.1. 
Similarly labeling is OPTIONAL according to s2.7.1.3.   Presumably the 
other features MUST be supported by a RPSEC_GSSv3 implementation - this 
could also be noted.

s2, 2nd bullet: s/that uses the child handle./that use the child handle./

s2.3, para 1: Need to expand MIC on first occurrence (Message Integrity 
Code, I assume)

s2.3, code fragment: s/* This code was derived from [RFC2203]./* This 
code was derived from RFC 2203, RFC 5403 and RFC-to-be./ (presumably)

s2.3, para 2: s/except for the mtype/except that the mtype/

s2.4:  To be absolutely clear, it would be worth adding something like:
    The following code fragment replaces the corresponding preliminary 
code shown in Figure 1 of [RFC5403].
    The values in the code fragment in s2.6 are additions to the 
auth_stat enumeration.
    Subsequent code fragments are additions to the code for version 2 
that support the new procedures
    defined in version 3.
--- inserted at the head of the section.

s2.7, last para but two:  s/SHOULD associate/need to associate/ - this 
isn't something that is on the wire or can be verified by the protocol.

s2.7.1.1, para after code fragment: s/e.g. /e.g., /

s2.7.1.1, para 3 after the code fragment:
I think that the following change is needed, firstly to make the text 
comprehensible and secondly, there is no current alternative allowed for 
the SHOULD and the following text indicates that an updated protocol 
would be needed for other alternatives.
The inner context handle it SHOULD use a context handle to authenticate 
a user.
For the inner context handle with RPSEC_GSSv3 it MUST use a context 
handle to authenticate a user.

s2.7.1.1, para 5 after the code fragment: s/is placed in/and is placed 
in the/

s2.7.1.3, para 3 after the code fragment: s/Section 12.2.2 of 
[NFSv4.2]./Section 12.2.4 of [NFSv4.2]./

s2.7.1.3, para 6 after the code fragment: s/to different subject 
label/to a different subject label/

s2.7.1.3, last para:
Section  "Inter-Server Copy with RPCSEC_GSSv3" of [NFSv4.2]
Section "Inter-Server Copy via ONC RPC with RPCSEC_GSSv3" of 

s2.7.2, para 1 after code fragment: s/what assertions to be listed/what 
assertions are to be listed/

>   Other assertion types are described
>     elsewhere...
Where?  An example or reference would help.

s5: There are IANA considerations... see minor issues above.

s6.1: RFC 7204 is a downref ... see minor issues above.

s6.2:  The Bell-LaPadula technical report is one of those much cited but 
almost unobtainable papers.  After some ferreting I found a 
'reconstruction' via Wikipedia's article on the report at 
http://www.albany.edu/acc/courses/ia/classics/belllapadula2.pdf. [Aside: 
In the process of tracking down this text I came across 'A Comment on 
the "Basic Security Theorem" of Bell and LaPadula' by John McLean 
(http://www.albany.edu/acc/courses/ia/classics/mclean5.pdf) which has 
some negative things to say about the Bell-LaPadula model.]