IETF Logo Mail Archive

Re: [Gen-art] [nfsv4] Genart last call review of draft-ietf-nfsv4-rpc-tls-07

Chuck Lever <chuck.lever@oracle.com> Mon, 25 May 2020 17:57 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AC963A0E9E; Mon, 25 May 2020 10:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id APNEXquij0kG; Mon, 25 May 2020 10:57:50 -0700 (PDT)
Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FCE03A0E9D; Mon, 25 May 2020 10:57:50 -0700 (PDT)
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 04PHveaL111832; Mon, 25 May 2020 17:57:40 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=/oW2gwIJIMnzO3enaOaywDgU8ARVLcBVy4dPAUs/TUY=; b=rCzWblBFHe1+dHgtEl9U4emkK2+k9u4kVKXxKEMZPlpyUrBZQFwnovKXUCFJr9Ojd4Di CsinexHM+A/caI3hE2lU2YGzDqYdh9Ik321EwyD386hYZvRVgEuaocgLlypO/THa0R/y 4MCrS89a4Kp+kFXxsAYbAGlhHJOyVV6FKFNzddiS0+k7HZEz8ojG+yZ3QwIZUFyQ2ghp IfAkJlB0/mvW80kuirIAVDRShwP+OmhSY27e1ezWNzvREeQJNnx/2Ex7TLw8xY7UzICE w8F2Q5pO+aEGdutKVn2hWTBfocCx4/8ucxxtJZqyDp77b1c3B0Hc4J1XE95IodYF3Q79 cw==
Received: from aserp3030.oracle.com (aserp3030.oracle.com [141.146.126.71]) by userp2120.oracle.com with ESMTP id 316vfn69e7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 25 May 2020 17:57:40 +0000
Received: from pps.filterd (aserp3030.oracle.com [127.0.0.1]) by aserp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 04PHquDI080983; Mon, 25 May 2020 17:57:38 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserp3030.oracle.com with ESMTP id 317ddmj21r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 25 May 2020 17:57:38 +0000
Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 04PHvb7h016678; Mon, 25 May 2020 17:57:37 GMT
Received: from anon-dhcp-153.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 25 May 2020 10:57:37 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <159035343255.29687.817580247496478154@ietfa.amsl.com>
Date: Mon, 25 May 2020 13:57:36 -0400
Cc: "gen-art >> General area reviewing team" <gen-art@ietf.org>, last-call@ietf.org, nfsv4@ietf.org, draft-ietf-nfsv4-rpc-tls.all@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <A3F681DA-F363-4EE5-A045-DF1EB97A55AF@oracle.com>
References: <159035343255.29687.817580247496478154@ietfa.amsl.com>
To: Dale Worley <worley@ariadne.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9632 signatures=668686
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 bulkscore=0 mlxscore=0 phishscore=0 adultscore=0 suspectscore=0 spamscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005250142
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9632 signatures=668686
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 clxscore=1015 priorityscore=1501 mlxscore=0 malwarescore=0 spamscore=0 impostorscore=0 mlxlogscore=999 lowpriorityscore=0 bulkscore=0 adultscore=0 suspectscore=0 cotscore=-2147483648 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2005250143
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/c6KlQlMSerU4oU7zyMXH-SWWuQs>
Subject: Re: [Gen-art] [nfsv4] Genart last call review of draft-ietf-nfsv4-rpc-tls-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2020 17:57:52 -0000

Hi Dale-

One additional thought.


> On May 24, 2020, at 4:50 PM, Dale Worley via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Dale Worley
> Review result: Ready with Nits
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document:  draft-ietf-nfsv4-rpc-tls-07
> Reviewer:  Dale R. Worley
> Review Date:  2020-05-24
> IETF LC End Date:  2020-05-27
> IESG Telechat date:  unknown
> 
> Summary:
> 
> Note that I am not familiar with the operations of TLS, so I have not
> reviewed issues that are specific to security implementations.  I
> assume the SECDIR review has adequately covered those.
> 
> This draft is quite solid and nearly ready for publication, but has
> nits that should be fixed before publication.
> 
> Nits:

 ...

> 7.1.  Limitations of an Opportunistic Approach
> 
>   Implementations of
>   the mechanism described in the current document must take care to
>   accurately represent to all RPC consumers the level of security that
>   is actually in effect, ...
> 
> I think you want s/must/MUST/.  There's also an unstated requirement
> that the RPC consumers have some way of accessing this information.

IMHO the non-normative form of "must" is appropriate in this case.

 - The text is not specific enough to be part of an enforceable normative
   compliance statement.

 - The remark here is about an internal RPC consumer API, as you note.
   Such APIs are not something on which this document can place hard
   requirements.

However, I'm open to further comments and discussion.


--
Chuck Lever

v2.23.0 | Report a Bug | By Email