IETF Logo Mail Archive

Re: [nfsv4] Martin Duke's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)

Martin Duke <martin.h.duke@gmail.com> Sat, 18 July 2020 00:13 UTC

Return-Path: <martin.h.duke@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F06B43A0C18; Fri, 17 Jul 2020 17:13:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1GcgyMhzR0Oz; Fri, 17 Jul 2020 17:13:01 -0700 (PDT)
Received: from mail-il1-x142.google.com (mail-il1-x142.google.com [IPv6:2607:f8b0:4864:20::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDF953A0C17; Fri, 17 Jul 2020 17:13:01 -0700 (PDT)
Received: by mail-il1-x142.google.com with SMTP id i18so8767304ilk.10; Fri, 17 Jul 2020 17:13:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XVQgOOeyss4RKXWlTUr3U59PiYAQMLddmN0pgrwVu7c=; b=NR+BlnTKVnOjwPdl8vu/Bu60ZIOEe1aHgmbfCTUgaZ4jnsawFtbRpQRyHhUFOTrewN 2SmSYYn/5x4QbRRVNeno1J6/vCU4XZxIu+qRvlquhW0lBHG3bVL1aDFMuARoribCV+ve 22c9z0WDO7HCjvj55biRVPCCQlAwmR3ognmG/WTovzq7PdFCKefdBmtnnzCQ5/8WxJ59 ALejEzWhBA7vf9jOYyW+NQes+uGYymuu34aRVF5Z9o791hLgtDOSCgBGxZGjP+I59FW7 gz+CCvcFllVkZOpe2R4gKUXGDTsGh/keq1uSYcVO0VaOlbvduEZf265Mr26PRHz8ArLS sKFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XVQgOOeyss4RKXWlTUr3U59PiYAQMLddmN0pgrwVu7c=; b=E6mW3Y6FxCVTtTXUZV96uDYOczSKvAtLjDNm1DhUKdOuEMviC7i5qRed3YBeYLlSbO o5tR7+nvtYktCOCZ2h6di61a3GPuPPIggYPc3ahTtbnCTG0nktIU5dkbHh0wBh3tY3Ro Mqt/i/2h+qviuhDW7tU+ZHIMmAyRrdZsUPF+R+a/QOaNxTC/vt5gKHlyUFRWSR4ufI9M 7zO3SYP+/mU3LyXaJJfcgK9xZP/C4qvd4/npcBnC0d3MOcYVXnpJLLIEIrAxW4jFi856 32GrJPx/M75ZH2G5szs9GJx3Ge+C9z0k0V3/lEx1FI14ks4C6w+gP8ToQY5iSgx3i2xc dnPQ==
X-Gm-Message-State: AOAM530GQUp+LbD+tmUnzqoR0QG1bMMQl7v2vzhIdNeHcy5RTqgHRWd8 Qvygk25Dz8j91nUvmD8pKoVO5HybO0nBR0V4QME=
X-Google-Smtp-Source: ABdhPJwtNWcpvlR0kae5oOBOG/UQP3XLwRyFfeA9Z2pYX4DXjeWRyV5IEn9Lc7Wo/3sPJ7mmkmabHfAvajyw4p/Yjxk=
X-Received: by 2002:a92:a196:: with SMTP id b22mr11843202ill.303.1595031181028; Fri, 17 Jul 2020 17:13:01 -0700 (PDT)
MIME-Version: 1.0
References: <159311856977.23665.6882641799899154823@ietfa.amsl.com> <20200708052747.GE16335@kduck.mit.edu> <CAM4esxTz0uzVQmGFLtzoXtyiU=aZCZRKeoyh18THCjJWSU7hNg@mail.gmail.com> <A67E2BFD-2038-4D7F-A42F-EE752A3B3FE7@oracle.com>
In-Reply-To: <A67E2BFD-2038-4D7F-A42F-EE752A3B3FE7@oracle.com>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Fri, 17 Jul 2020 17:12:49 -0700
Message-ID: <CAM4esxSnE=RE1TU3pB6bcc+AmmsAYYDmqX1S_KZPi_5VhnzaOw@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, nfsv4-chairs <nfsv4-chairs@ietf.org>, draft-ietf-nfsv4-rpc-tls@ietf.org, The IESG <iesg@ietf.org>, nfsv4@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f3717305aaac22a0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/08bfbMJWZtxolcckTfpqpie1PQo>
Subject: Re: [nfsv4] Martin Duke's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2020 00:13:04 -0000

That looks good. Ping me when there's a new version.

On Tue, Jul 14, 2020 at 4:52 AM Chuck Lever <chuck.lever@oracle.com> wrote:

> To address this issue, I've added the following text (in italics) to the
> Security Considerations section.
>
>    One purpose of the mechanism described in the current document is to
>    protect RPC-based applications against threats to the confidentiality
>    of RPC transactions and RPC user identities.  A taxonomy of these
>    threats appears in Section 5 of [RFC6973].  Also, Section 6 of
>    [RFC7525] contains a detailed discussion of technologies used in
>    conjunction with TLS.  Implementers should familiarize themselves
>    with these materials.
>
>    Once a TLS session is established, the RPC payload carried on TLS
>    version 1.3 is forward-secure.  However, implementers need to be
>    aware that replay attacks can occur during session establishment.
>    Remedies for such attacks are discussed in detail in Section 8 of
>    [RFC8446].
>
> *Further, the current document does not provide a profile   that defines
> the use of 0-RTT data (see Appendix E.5 of [RFC8446]).   Therefore,
> RPC-over-TLS implementations MUST NOT use 0-RTT data.*
>
>
> On Jul 8, 2020, at 9:50 AM, Martin Duke <martin.h.duke@gmail.com> wrote:
>
> Thank you for that reference.
>
> I agree that simply saying that Early Data MUST NOT be used is sufficient.
> I am skeptical that implementers of this draft will read E.5 of RFC 8446.
>
> On Tue, Jul 7, 2020 at 10:27 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Thu, Jun 25, 2020 at 01:56:10PM -0700, Martin Duke via Datatracker
> wrote:
> > Martin Duke has entered the following ballot position for
> > draft-ietf-nfsv4-rpc-tls-08: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > This presumably a trivial fix but I think it's important enough to be a
> DISCUSS:
> >
> > I think the document needs some discussion of the security properties of
> TLS1.3
> > early data over TCP, if only to refer to Section 8 of RFC 8446 (replay)
> and
> > mention that it is not forward-secure, unlike the rest of the payload.
>
> I actually think that the situation is well-defined without such additional
> text -- Appendix E.5 notes that:
>
>    Application protocols MUST NOT use 0-RTT data without a profile that
>    defines its use.  That profile needs to identify which messages or
>    interactions are safe to use with 0-RTT and how to handle the
>    situation when the server rejects 0-RTT and falls back to 1-RTT.
>
> Since this document does not provide such a profile, early data MUST NOT be
> used, and there's no need to say more.
>
>
> --
> Chuck Lever
>
>
>
>

v2.23.0 | Report a Bug | By Email