Re: [nfsv4] NFSv4 on TLS
Benjamin Kaduk <kaduk@mit.edu> Tue, 16 October 2018 20:02 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3401D130E36 for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 13:02:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3btqDeFI5k4j for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 13:02:51 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5466E130E29 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 13:02:51 -0700 (PDT)
X-AuditID: 1209190f-a71ff70000003872-9b-5bc643e9fe60
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 22.96.14450.9E346CB5; Tue, 16 Oct 2018 16:02:50 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w9GK2m3Z005418; Tue, 16 Oct 2018 16:02:48 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w9GK2h1l026569 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 Oct 2018 16:02:46 -0400
Date: Tue, 16 Oct 2018 15:02:43 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Trond Myklebust <trondmy@gmail.com>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, nico@cryptonector.com, "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20181016200243.GX19309@kduck.kaduk.org>
References: <FD3EEC6C-887F-4F3A-AB9E-87AB9EE34ABD@oracle.com> <20180826214725.GA10368@localhost> <9A8DAFF1-C837-4AFA-99CB-863C09091608@oracle.com> <20180827185325.GB10368@localhost> <CADaq8jdr0w74J9db-AZTQ_dAP5ngT53R=KvLuK7xnVpptpbOCw@mail.gmail.com> <YTOPR0101MB182075AD5B7E864C48FF6324DD0A0@YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM> <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHKsWRmVeSWpSXmKPExsUixCmqrfvK+Vi0wfMODovZ7x+xWpy6doTN 4uGya0wW9x5/ZXVg8Xh56hyjx85Zd9k9liz5yeTxe/NepgCWKC6blNSczLLUIn27BK6Mb8em shec16lombuXuYFxmXIXIyeHhICJxPp5E5m6GLk4hAQWM0lMPP6RBcLZyCgx/+t7KOcqk8T9 fd+ZQVpYBFQl5s3qZAKx2QRUJBq6L4PFRQTUJXp3fGUBsZkFsiTe7H/PCmILCyhK7D1+DKyG F2jdvy2H2SGGLmCWmL1lIitEQlDi5MwnUM1aEjf+vQRawAFkS0ss/8cBEuYUCJTY/2o2WImo gLLE3r5D7BMYBWYh6Z6FpHsWQvcCRuZVjLIpuVW6uYmZOcWpybrFyYl5ealFuiZ6uZkleqkp pZsYwQEtyb+DcU6D9yFGAQ5GJR5eAclj0UKsiWXFlbmHGCU5mJREeTOlgEJ8SfkplRmJxRnx RaU5qcWHGCU4mJVEeNMvHY0W4k1JrKxKLcqHSUlzsCiJ805oWRwtJJCeWJKanZpakFoEk5Xh 4FCS4D3pBDRUsCg1PbUiLTOnBCHNxMEJMpwHaLgyMAEI8RYXJOYWZ6ZD5E8x2nOsmtExg5lj 25lOINn29DqQ7ACRQix5+XmpUuK8wSCjBUDaMkrz4CaDkpVE9v6aV4ziQI8K824GqeIBJjq4 2a+A1jIBrXW3PQKytiQRISXVwMjUX3dia9CTWZ8/v7maGeQeK86k+YdNLexCX0WuWW/WpuiL rwXnHvyzg7dbTCNHtzgrj63GXTHqsZl5T5yQdPOrWfWPemYevLP3RmdiW1jrB0su1qVXdiz/ ODEqNqpy6eJHEo8KH6fssL4o3+hvdurQUX63B8ab3S//nOB2TvVZt0ZLu8VJJiWW4oxEQy3m ouJEAGpFAf4xAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/-mOYGYSNP52QG2Cd4WmbD6KzLH8>
Subject: Re: [nfsv4] NFSv4 on TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 20:02:54 -0000
I'm not really in a position to speak of the level of demand for such a proposal, but... On Tue, Oct 16, 2018 at 03:53:32PM -0400, Trond Myklebust wrote: > So here is a quick proposal: we add a new security type AUTH_TLS, which can > act as the equivalent of a "STARTTLS command" to signal that we want to > initiate TLS security negotiation if the server supports it. > > When the client has set up the TCP connection, and is ready to initiate the > TLS negotiation, it pings the server with a NULL RPC request with an > auth_flavor of AUTH_TLS. If the server doesn't recognise that flavour, and > returns AUTH_ERROR (+AUTH_BADCRED?), then the client knows that the server > is unlikely to support stepping up to TLS on this connection. > > There should be no need for the credential to carry any form of > authentication payload, so just model it on AUTH_NONE, but have the server > return a payload of "STARTTLS" in the body of the verifier. That > differentiates it from AUTH_NONE, and allows the client to distinguish > servers that recognise AUTH_TLS, and servers that just ignore the > authentication header altogether in NULL RPC calls. If the payload matches, > then the client kicks off TLS negotiation before sending any further RPC > calls on this connection. > > If the client tries to use AUTH_TLS for anything other than a NULL RPC > ping, then a server would presumably be expected to return AUTH_ERROR with > AUTH_TOOWEAK. > > Once the TLS negotiation is complete, then the client and server will have > established a secure channel for communicating, and can then use the Any such document would need to discuss the client authentication semantics for the TLS connection, whether a single per-host client cert is used vs. per-user certs, etc. BCP 195/RFC 7525 would of course play a role, too. > standard security flavours on top of that channel (presumably after > negotiating down the irrelevant RPCSEC_GSS privacy and integrity mechanisms > and applying channel binding). Anyone considering GSSAPI channel binding should probably consider the issues that https://tools.ietf.org/html/draft-ietf-kitten-channel-bound-flag-03 tries to address, and also that the tls-unique-based binding value in RFC 5929 is rather overtaken by events. There would probably be a need to define a new TLS exporter-based value that requires the use of TLS 1.3 or extended-master-secret. -Ben > Is this a proposal that might be of interest to members of this group, and > hence be worth documenting in an RFC? > > Cheers > Trond > > On Tue, 28 Aug 2018 at 07:57, Rick Macklem <rmacklem@uoguelph.ca> wrote: > > > David Noveck wrote: > > [stuff snipped] > > >> AUTH_SYS with UIDs/GIDs is too limited. > > > > > >As far as I know, AUTH_SYS includes 32-bit UIDs/GIDs. Those seemed > > ample when > > >AUTH_SYS was designed. > > > > > >It certainly is too limited now, but it is difficult to change. Even more > > of a > > >barrier than the existiing OTW formats, is the fact that most flle systems > > >used with NFS reserve 32 bits in the inode for each of owner and group. > > >Further complicating matters is that in-kernel VFS's and POSIX API's are > > >built around this very limited approach to user identity. > > > > > >> I have no objection to a mechanism like AUTH_SYS-over-TLS > > > > > >I don't know of any AUTH_SYS mechanism that uses anything other than > > >32-bit ids. > > > > > >> that uses name@domain to be consistent with the rest of NFSv4. > > I think he was referring to a new authentication flavour that had the > > "user@domain" string as the authenticator. (There is a 400byte limit, but > > that might be sufficient.) I might have called it AUTH_NAME or AUTH_OWNER. > > > > I'd guess that 99.9% of FreeBSD NFS usage is AUTH_SYS, although Kerberos is > > in the system. I do think a way to use TLS (or similar) to encrypt at the > > transport > > level would be a good thing and would get used more widely. > > > > Many of the FreeBSD sites (I won't guess the %) use AUTH_SYS but ignore the > > gid list and generate a gid list on the server from the uid. As such, I > > don't think > > putting gids/owner_group names in a new authentication mechanism is needed. > > > > For folks that have a 32bit uniform uid space, AUTH_SYS in transport > > encryption > > seems ok to me. > > For sites where the uid space isn't uniform or doesn't fit in 32bits, a > > "user@domaim" > > to uid/gid list mapping in the server can be done using this new one. > > > > >Within NFSv4 proper, you could use name@domain, but there is really no > > >point if you are using AUTH_SYS. You are allowed to use numeric ids > > >as attributes and most people using AUTH_SYS choose to do so, to avoid > > >the overhead of a translation that provides no benefits. > > They could use this mapping with AUTH_OWNER when AUTH_SYS won't > > work for them. > > > > rick > > ps: I, for one, am not interested in implementing a new GSSAPI mechanism > > that > > isn't in the open source Kerberos distros. As such, any complicated > > setup > > involving writing of a lot of new code probably wouldn't make it in > > FreeBSD > > for a long time. However, something that mostly uses the extant code > > for > > supporting "https" should be doable. > > [more stuff snipped] > > > > _______________________________________________ > > nfsv4 mailing list > > nfsv4@ietf.org > > https://www.ietf.org/mailman/listinfo/nfsv4 > > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Black, David
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Nico Williams
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Nico Williams
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS David Noveck
- Re: [nfsv4] NFSv4 on TLS Rick Macklem
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Black, David
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk