IETF Logo Mail Archive

Re: [nfsv4] NFSv4 on TLS

Benjamin Kaduk <kaduk@mit.edu> Tue, 16 October 2018 20:02 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3401D130E36 for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 13:02:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3btqDeFI5k4j for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 13:02:51 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5466E130E29 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 13:02:51 -0700 (PDT)
X-AuditID: 1209190f-a71ff70000003872-9b-5bc643e9fe60
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 22.96.14450.9E346CB5; Tue, 16 Oct 2018 16:02:50 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w9GK2m3Z005418; Tue, 16 Oct 2018 16:02:48 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w9GK2h1l026569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 Oct 2018 16:02:46 -0400
Date: Tue, 16 Oct 2018 15:02:43 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Trond Myklebust <trondmy@gmail.com>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, nico@cryptonector.com, "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20181016200243.GX19309@kduck.kaduk.org>
References: <FD3EEC6C-887F-4F3A-AB9E-87AB9EE34ABD@oracle.com> <20180826214725.GA10368@localhost> <9A8DAFF1-C837-4AFA-99CB-863C09091608@oracle.com> <20180827185325.GB10368@localhost> <CADaq8jdr0w74J9db-AZTQ_dAP5ngT53R=KvLuK7xnVpptpbOCw@mail.gmail.com> <YTOPR0101MB182075AD5B7E864C48FF6324DD0A0@YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM> <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHKsWRmVeSWpSXmKPExsUixCmqrfvK+Vi0wfMODovZ7x+xWpy6doTN 4uGya0wW9x5/ZXVg8Xh56hyjx85Zd9k9liz5yeTxe/NepgCWKC6blNSczLLUIn27BK6Mb8em shec16lombuXuYFxmXIXIyeHhICJxPp5E5m6GLk4hAQWM0lMPP6RBcLZyCgx/+t7KOcqk8T9 fd+ZQVpYBFQl5s3qZAKx2QRUJBq6L4PFRQTUJXp3fGUBsZkFsiTe7H/PCmILCyhK7D1+DKyG F2jdvy2H2SGGLmCWmL1lIitEQlDi5MwnUM1aEjf+vQRawAFkS0ss/8cBEuYUCJTY/2o2WImo gLLE3r5D7BMYBWYh6Z6FpHsWQvcCRuZVjLIpuVW6uYmZOcWpybrFyYl5ealFuiZ6uZkleqkp pZsYwQEtyb+DcU6D9yFGAQ5GJR5eAclj0UKsiWXFlbmHGCU5mJREeTOlgEJ8SfkplRmJxRnx RaU5qcWHGCU4mJVEeNMvHY0W4k1JrKxKLcqHSUlzsCiJ805oWRwtJJCeWJKanZpakFoEk5Xh 4FCS4D3pBDRUsCg1PbUiLTOnBCHNxMEJMpwHaLgyMAEI8RYXJOYWZ6ZD5E8x2nOsmtExg5lj 25lOINn29DqQ7ACRQix5+XmpUuK8wSCjBUDaMkrz4CaDkpVE9v6aV4ziQI8K824GqeIBJjq4 2a+A1jIBrXW3PQKytiQRISXVwMjUX3dia9CTWZ8/v7maGeQeK86k+YdNLexCX0WuWW/WpuiL rwXnHvyzg7dbTCNHtzgrj63GXTHqsZl5T5yQdPOrWfWPemYevLP3RmdiW1jrB0su1qVXdiz/ ODEqNqpy6eJHEo8KH6fssL4o3+hvdurQUX63B8ab3S//nOB2TvVZt0ZLu8VJJiWW4oxEQy3m ouJEAGpFAf4xAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/-mOYGYSNP52QG2Cd4WmbD6KzLH8>
Subject: Re: [nfsv4] NFSv4 on TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 20:02:54 -0000

I'm not really in a position to speak of the level of demand for such a
proposal, but...

On Tue, Oct 16, 2018 at 03:53:32PM -0400, Trond Myklebust wrote:
> So here is a quick proposal: we add a new security type AUTH_TLS, which can
> act as the equivalent of a "STARTTLS command" to signal that we want to
> initiate TLS security negotiation if the server supports it.
> 
> When the client has set up the TCP connection, and is ready to initiate the
> TLS negotiation, it pings the server with a NULL RPC request with an
> auth_flavor of AUTH_TLS. If the server doesn't recognise that flavour, and
> returns AUTH_ERROR (+AUTH_BADCRED?), then the client knows that the server
> is unlikely to support stepping up to TLS on this connection.
> 
> There should be no need for the credential to carry any form of
> authentication payload, so just model it on AUTH_NONE, but have the server
> return a payload of "STARTTLS" in the body of the verifier. That
> differentiates it from AUTH_NONE, and allows the client to distinguish
> servers that recognise AUTH_TLS, and servers that just ignore the
> authentication header altogether in NULL RPC calls. If the payload matches,
> then the client kicks off TLS negotiation before sending any further RPC
> calls on this connection.
> 
> If the client tries to use AUTH_TLS for anything other than a NULL RPC
> ping, then a server would presumably be expected to return AUTH_ERROR with
> AUTH_TOOWEAK.
> 
> Once the TLS negotiation is complete, then the client and server will have
> established a secure channel for communicating, and can then use the

Any such document would need to discuss the client authentication semantics
for the TLS connection, whether a single per-host client cert is used vs.
per-user certs, etc.  BCP 195/RFC 7525 would of course play a role, too.

> standard security flavours on top of that channel (presumably after
> negotiating down the irrelevant RPCSEC_GSS privacy and integrity mechanisms
> and applying channel binding).

Anyone considering GSSAPI channel binding should probably consider the
issues that
https://tools.ietf.org/html/draft-ietf-kitten-channel-bound-flag-03 tries
to address, and also that the tls-unique-based binding value in RFC 5929 is
rather overtaken by events.  There would probably be a need to define a new
TLS exporter-based value that requires the use of TLS 1.3 or
extended-master-secret.

-Ben

> Is this a proposal that might be of interest to members of this group, and
> hence be worth documenting in an RFC?
> 
> Cheers
>   Trond
> 
> On Tue, 28 Aug 2018 at 07:57, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> 
> > David Noveck wrote:
> > [stuff snipped]
> > >> AUTH_SYS with UIDs/GIDs is too limited.
> > >
> > >As far as I know, AUTH_SYS includes 32-bit UIDs/GIDs.   Those seemed
> > ample when
> > >AUTH_SYS was designed.
> > >
> > >It certainly is too limited now, but it is difficult to change. Even more
> > of a
> > >barrier than the existiing OTW formats, is the fact that most flle systems
> > >used with NFS reserve 32 bits in the inode for each of owner and group.
> > >Further complicating matters is that in-kernel VFS's and POSIX API's are
> > >built around this very limited approach to user identity.
> > >
> > >> I have no objection to a mechanism like AUTH_SYS-over-TLS
> > >
> > >I don't know of any AUTH_SYS mechanism that uses anything other than
> > >32-bit ids.
> > >
> > >> that uses name@domain to be consistent with the rest of NFSv4.
> > I think he was referring to a new authentication flavour that had the
> > "user@domain" string as the authenticator. (There is a 400byte limit, but
> > that might be sufficient.) I might have called it AUTH_NAME or AUTH_OWNER.
> >
> > I'd guess that 99.9% of FreeBSD NFS usage is AUTH_SYS, although Kerberos is
> > in the system. I do think a way to use TLS (or similar) to encrypt at the
> > transport
> > level would be a good thing and would get used more widely.
> >
> > Many of the FreeBSD sites (I won't guess the %) use AUTH_SYS but ignore the
> > gid list and generate a gid list on the server from the uid. As such, I
> > don't think
> > putting gids/owner_group names in a new authentication mechanism is needed.
> >
> > For folks that have a 32bit uniform uid space, AUTH_SYS in transport
> > encryption
> > seems ok to me.
> > For sites where the uid space isn't uniform or doesn't fit in 32bits, a
> > "user@domaim"
> > to uid/gid list mapping in the server can be done using this new one.
> >
> > >Within NFSv4 proper, you could use name@domain, but there is really no
> > >point if you are using AUTH_SYS.    You are allowed to use numeric ids
> > >as attributes and most people using AUTH_SYS choose to do so, to avoid
> > >the overhead of a translation that provides no benefits.
> > They could use this mapping with AUTH_OWNER when AUTH_SYS won't
> > work for them.
> >
> > rick
> > ps: I, for one, am not interested in implementing a new GSSAPI mechanism
> > that
> >       isn't in the open source Kerberos distros. As such, any complicated
> > setup
> >       involving writing of a lot of new code probably wouldn't make it in
> > FreeBSD
> >       for a long time. However, something that mostly uses the extant code
> > for
> >       supporting "https" should be doable.
> > [more stuff snipped]
> >
> > _______________________________________________
> > nfsv4 mailing list
> > nfsv4@ietf.org
> > https://www.ietf.org/mailman/listinfo/nfsv4
> >

> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email