Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review

Benjamin Kaduk <kaduk@MIT.EDU> Fri, 05 September 2014 20:02 UTC

Date: Fri, 05 Sep 2014 16:02:45 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: "Adamson, Andy" <William.Adamson@netapp.com>, NFSv4 <nfsv4@ietf.org>
In-Reply-To: <20140804164302.GJ3579@localhost>
Message-ID: <alpine.GSO.1.10.1409051601330.21571@multics.mit.edu>
References: <DC941FEB-725A-49E1-8C38-FF765454827C@netapp.com> <alpine.GSO.1.10.1407301239260.21571@multics.mit.edu> <20140801055401.GA7409@localhost> <8FD0C272-6FD3-44FE-BD3D-BAB220E0FF13@netapp.com> <20140801221535.GA3579@localhost> <20140804160016.GC23341@fieldses.org> <20140804164302.GJ3579@localhost>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/AipEsWwQXte53us-1fF7R4GJTMw
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] [nfsv4] draft-ietf-nfsv4-rpcsec-gssv3: request for review

On Mon, 4 Aug 2014, Nico Williams wrote:

> On Mon, Aug 04, 2014 at 12:00:16PM -0400, J. Bruce Fields wrote:
> > On Fri, Aug 01, 2014 at 05:15:36PM -0500, Nico Williams wrote:
> > > It was always my intention that traditional (read: multi-user
> > > shared-cache) NFS client implementations would just always use
> > > "multi-principal" contexts when doing any RPCs on a user's behalf.
> > >
> > > That is, addressing the "user can impersonate the server to the client"
> > > problem was always my first and foremost goal with this protocol, though
> > > I didn't always say so explicitly (since at the time the attack was not
> > > well-known, I didn't want to publicize it).
> >
> > Oh, that's really helpful to know.
>
> Yeah :(  I mentioned it several times at meetings.  The cat has been
> out of the bag for a long time as to the vulnerability for shared-cache
> clients, so we might as well state this motivation clearly.

I don't remember seeing new text clarifying the potential attack going by,
so I'll note that what we did for rxgk is in section 7 of
https://tools.ietf.org/html/draft-wilkinson-afs3-rxgk-afs-06

-Ben
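The attack the thread alludes to, as an added illustration by the editor (not code from the draft, from rxgk, or from any NFS implementation): on a shared-cache NFS client, the per-user RPCSEC_GSS context is keyed by the user's own Kerberos credential, and the user holds that credential (the service ticket and its session key sit in the user's own credential cache). So a local user who can inject traffic into the client's network path (assumed here) can forge a server reply that the client kernel will accept and place into the page cache shared with every other user, including root. The model below reduces GSS contexts to HMAC keys, stands in `rpc_reply()` for real XDR, and models a multi-principal context, as a labelled simplification that differs from the actual GSSv3 construction, as an integrity key that depends on both the machine credential and the user credential, so the user alone cannot derive it.

```python
"""Toy model of the shared-cache NFS client attack (editor's illustration).

Kerberos/GSS contexts are reduced to HMAC keys: holding the key is holding
the context. Nothing here is real RPCSEC_GSS wire format.
"""
import hashlib
import hmac
import os


def mic(key: bytes, msg: bytes) -> bytes:
    """Stand-in for GSS_GetMIC(): an HMAC over the RPC message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mic(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mic(key, msg), tag)


def multi_principal_key(host_key: bytes, user_key: bytes) -> bytes:
    """ASSUMPTION: a multi-principal context is modelled as an integrity key
    derived from both the machine credential and the user credential. The
    real GSSv3 construction differs; the property that matters is that the
    user, who lacks host_key, cannot compute it."""
    return hmac.new(host_key, b"multi-principal|" + user_key, hashlib.sha256).digest()


def rpc_reply(path: bytes, data: bytes) -> bytes:
    """Constructed NFS READ reply payload (not real XDR)."""
    return path + b"\x00" + data


class SharedCacheClient:
    """Client kernel with one page cache shared by every local user."""

    def __init__(self, host_key: bytes, multi_principal: bool):
        self.host_key = host_key            # machine credential: kernel only
        self.multi_principal = multi_principal
        self.cache = {}                     # path -> file data, shared by all users

    def reply_key(self, user_key: bytes) -> bytes:
        if self.multi_principal:
            return multi_principal_key(self.host_key, user_key)
        return user_key   # single-principal: the user's own context protects the reply

    def receive_reply(self, user_key: bytes, path: bytes, data: bytes, tag: bytes) -> bool:
        """Accept a reply into the shared cache only if its MIC verifies."""
        if not verify_mic(self.reply_key(user_key), rpc_reply(path, data), tag):
            return False
        self.cache[path] = data
        return True


def run_scenario(multi_principal: bool) -> dict:
    host_key = os.urandom(32)
    alice_key = os.urandom(32)   # alice holds this too: it is her own credential
    client = SharedCacheClient(host_key, multi_principal)
    path = b"/usr/bin/su"

    # 1. Genuine reply from the server for a root-owned setuid binary.
    genuine = b"<real su binary>"
    server_tag = mic(client.reply_key(alice_key), rpc_reply(path, genuine))
    genuine_ok = client.receive_reply(alice_key, path, genuine, server_tag)

    # 2. Alice forges a reply for the same file using only her own credential
    #    and injects it into the client's network path (assumed possible).
    forged = b"<trojaned su binary>"
    forged_tag = mic(alice_key, rpc_reply(path, forged))
    forged_ok = client.receive_reply(alice_key, path, forged, forged_tag)

    return {"genuine_accepted": genuine_ok,
            "forged_accepted": forged_ok,
            "cached": client.cache[path]}


if __name__ == "__main__":
    for mp in (False, True):
        print("multi-principal" if mp else "single-principal", run_scenario(mp))
```

With single-principal contexts the forged reply verifies and replaces the cached `su` for every user on the machine; with the multi-principal context the genuine reply still verifies but Alice's forgery is rejected, which is the property the thread says the multi-principal mechanism exists to provide.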