Re: [nfsv4] NFSv4 on TLS
Benjamin Kaduk <kaduk@mit.edu> Tue, 16 October 2018 22:41 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03CE4130E6E for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 15:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z3fvphCW1VC3 for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 15:41:04 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DE6C130E87 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 15:41:01 -0700 (PDT)
X-AuditID: 1209190c-d97ff7000000471e-eb-5bc668fcf0b6
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 0D.74.18206.CF866CB5; Tue, 16 Oct 2018 18:41:00 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w9GMewq8027515; Tue, 16 Oct 2018 18:40:59 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w9GMes62029605 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 Oct 2018 18:40:56 -0400
Date: Tue, 16 Oct 2018 17:40:54 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Trond Myklebust <trondmy@gmail.com>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, nico@cryptonector.com, "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20181016224053.GB19309@kduck.kaduk.org>
References: <FD3EEC6C-887F-4F3A-AB9E-87AB9EE34ABD@oracle.com> <20180826214725.GA10368@localhost> <9A8DAFF1-C837-4AFA-99CB-863C09091608@oracle.com> <20180827185325.GB10368@localhost> <CADaq8jdr0w74J9db-AZTQ_dAP5ngT53R=KvLuK7xnVpptpbOCw@mail.gmail.com> <YTOPR0101MB182075AD5B7E864C48FF6324DD0A0@YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM> <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com> <20181016200243.GX19309@kduck.kaduk.org> <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHKsWRmVeSWpSXmKPExsUixCmqrPsn41i0wer1Shaz3z9itTh17Qib xcNl15gs7j3+yurA4vHy1DlGj52z7rJ7LFnyk8nj9+a9TAEsUVw2Kak5mWWpRfp2CVwZN/tW sBTstK1o/fqYtYFxon4XIyeHhICJxM0FP5i7GLk4hAQWM0k8e3ONFcLZyCixZnYvC4RzlUli 9eqpLCAtLAKqEgfnTGYGsdkEVCQaui+D2SIC6hK9O76C1TALZEm82f+eFcQWFlCU2Hv8GFgN L9C6M5u2MEEMncQi0fmrjwUiIShxcuYTqGYtiRv/XgIVcQDZ0hLL/3GAhDkFAiW+PbvHBmKL CihL7O07xD6BUWAWku5ZSLpnIXQvYGRexSibklulm5uYmVOcmqxbnJyYl5dapGuol5tZopea UrqJERzQkjw7GM+88TrEKMDBqMTDKyB5LFqINbGsuDL3EKMkB5OSKG+mFFCILyk/pTIjsTgj vqg0J7X4EKMEB7OSCG/6paPRQrwpiZVVqUX5MClpDhYlcd4JLYujhQTSE0tSs1NTC1KLYLIy HBxKErzswMgVEixKTU+tSMvMKUFIM3FwggznARqukA5Uw1tckJhbnJkOkT/FaM+xakbHDGaO bWc6gWTb0+tAsgNECrHk5eelSonz6oOMFgBpyyjNg5sMSlYS2ftrXjGKAz0qzNsEUsUDTHRw s18BrWUCWutuewRkbUkiQkqqgdGeh+fu8c//Feb9YDPJnvplrkCoxdbgd++cTW6XtwTnO8wL v7JWSGfa3kSPx01h+5wf/vX3DG3XuWp8Orao8jTTn2P36rT170XGVxxJ3vgnxXRF39Z1fL8D Lk3+ViX+TzZhS/WHDddN+1i0/XQ+ar38fuOTW+b21rLHUTpOen43Ir42H22tM1RiKc5INNRi LipOBACPEHUNMQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/0FGvQRgf9d8uqviGFzgjnGjqddM>
Subject: Re: [nfsv4] NFSv4 on TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 22:41:16 -0000
On Tue, Oct 16, 2018 at 05:03:59PM -0400, Trond Myklebust wrote: > On Tue, 16 Oct 2018 at 16:02, Benjamin Kaduk <kaduk@mit.edu> wrote: > > > I'm not really in a position to speak of the level of demand for such a > > proposal, but... > > > > On Tue, Oct 16, 2018 at 03:53:32PM -0400, Trond Myklebust wrote: > > > So here is a quick proposal: we add a new security type AUTH_TLS, which > > can > > > act as the equivalent of a "STARTTLS command" to signal that we want to > > > initiate TLS security negotiation if the server supports it. > > > > > > When the client has set up the TCP connection, and is ready to initiate > > the > > > TLS negotiation, it pings the server with a NULL RPC request with an > > > auth_flavor of AUTH_TLS. If the server doesn't recognise that flavour, > > and > > > returns AUTH_ERROR (+AUTH_BADCRED?), then the client knows that the > > server > > > is unlikely to support stepping up to TLS on this connection. > > > > > > There should be no need for the credential to carry any form of > > > authentication payload, so just model it on AUTH_NONE, but have the > > server > > > return a payload of "STARTTLS" in the body of the verifier. That > > > differentiates it from AUTH_NONE, and allows the client to distinguish > > > servers that recognise AUTH_TLS, and servers that just ignore the > > > authentication header altogether in NULL RPC calls. If the payload > > matches, > > > then the client kicks off TLS negotiation before sending any further RPC > > > calls on this connection. > > > > > > If the client tries to use AUTH_TLS for anything other than a NULL RPC > > > ping, then a server would presumably be expected to return AUTH_ERROR > > with > > > AUTH_TOOWEAK. > > > > > > Once the TLS negotiation is complete, then the client and server will > > have > > > established a secure channel for communicating, and can then use the > > > > Any such document would need to discuss the client authentication semantics > > for the TLS connection, whether a single per-host client cert is used vs. > > per-user certs, etc. BCP 195/RFC 7525 would of course play a role, too. > > > > This is transport level security, so in order to have per-user certs, we'd > presumably have to have a TCP connection per user? That is certainly not > something that I can envision wanting to ever implement for a kernel NFS > client. There are some ugly tricks that could be played, but basically your presumption is right. If I may ask, though, how many concurrent NFS client users do you think you need to support on a single NFS client machine? > IOW: As far as this working group is concerned, I'd see TLS as mainly > practical for providing machine level authentication, not user level. I don't really expect anyone to disagree with that. > I agree that there are issues addressed by RFC7525 that we may want to > discuss. > > > > > > > standard security flavours on top of that channel (presumably after > > > negotiating down the irrelevant RPCSEC_GSS privacy and integrity > > mechanisms > > > and applying channel binding). > > > > Anyone considering GSSAPI channel binding should probably consider the > > issues that > > https://tools.ietf.org/html/draft-ietf-kitten-channel-bound-flag-03 tries > > to address, and also that the tls-unique-based binding value in RFC 5929 is > > rather overtaken by events. There would probably be a need to define a new > > TLS exporter-based value that requires the use of TLS 1.3 or > > extended-master-secret. > > > > > Is that discussion relevant to the NFSv4 working group though? NFSv4 only > requires servers to support RPCSEC_GSSv2 (or RPCSEC_GSSv3 for NFSv4.2). > Both those protocols have explicit channel binding RPC calls that return > success/failure, and a separate service type (rpc_gss_svc_channel_prot) > that as far as I can tell should meet the requirements in the above > document. Am I wrong? You are right -- I had forgotten that RPCSEC_GSSv2 uses a different binding scheme, and in fact section 5 of RFC 5403 says you SHOULD NOT use native GSS channel bindings. Sorry about that. -Ben > > > -Ben > > > > > Is this a proposal that might be of interest to members of this group, > > and > > > hence be worth documenting in an RFC? > > > > > > Cheers > > > Trond > > > > > > On Tue, 28 Aug 2018 at 07:57, Rick Macklem <rmacklem@uoguelph.ca> wrote: > > > > > > > David Noveck wrote: > > > > [stuff snipped] > > > > >> AUTH_SYS with UIDs/GIDs is too limited. > > > > > > > > > >As far as I know, AUTH_SYS includes 32-bit UIDs/GIDs. Those seemed > > > > ample when > > > > >AUTH_SYS was designed. > > > > > > > > > >It certainly is too limited now, but it is difficult to change. Even > > more > > > > of a > > > > >barrier than the existiing OTW formats, is the fact that most flle > > systems > > > > >used with NFS reserve 32 bits in the inode for each of owner and > > group. > > > > >Further complicating matters is that in-kernel VFS's and POSIX API's > > are > > > > >built around this very limited approach to user identity. > > > > > > > > > >> I have no objection to a mechanism like AUTH_SYS-over-TLS > > > > > > > > > >I don't know of any AUTH_SYS mechanism that uses anything other than > > > > >32-bit ids. > > > > > > > > > >> that uses name@domain to be consistent with the rest of NFSv4. > > > > I think he was referring to a new authentication flavour that had the > > > > "user@domain" string as the authenticator. (There is a 400byte limit, > > but > > > > that might be sufficient.) I might have called it AUTH_NAME or > > AUTH_OWNER. > > > > > > > > I'd guess that 99.9% of FreeBSD NFS usage is AUTH_SYS, although > > Kerberos is > > > > in the system. I do think a way to use TLS (or similar) to encrypt at > > the > > > > transport > > > > level would be a good thing and would get used more widely. > > > > > > > > Many of the FreeBSD sites (I won't guess the %) use AUTH_SYS but > > ignore the > > > > gid list and generate a gid list on the server from the uid. As such, I > > > > don't think > > > > putting gids/owner_group names in a new authentication mechanism is > > needed. > > > > > > > > For folks that have a 32bit uniform uid space, AUTH_SYS in transport > > > > encryption > > > > seems ok to me. > > > > For sites where the uid space isn't uniform or doesn't fit in 32bits, a > > > > "user@domaim" > > > > to uid/gid list mapping in the server can be done using this new one. > > > > > > > > >Within NFSv4 proper, you could use name@domain, but there is really > > no > > > > >point if you are using AUTH_SYS. You are allowed to use numeric ids > > > > >as attributes and most people using AUTH_SYS choose to do so, to avoid > > > > >the overhead of a translation that provides no benefits. > > > > They could use this mapping with AUTH_OWNER when AUTH_SYS won't > > > > work for them. > > > > > > > > rick > > > > ps: I, for one, am not interested in implementing a new GSSAPI > > mechanism > > > > that > > > > isn't in the open source Kerberos distros. As such, any > > complicated > > > > setup > > > > involving writing of a lot of new code probably wouldn't make it > > in > > > > FreeBSD > > > > for a long time. However, something that mostly uses the extant > > code > > > > for > > > > supporting "https" should be doable. > > > > [more stuff snipped] > > > > > > > > _______________________________________________ > > > > nfsv4 mailing list > > > > nfsv4@ietf.org > > > > https://www.ietf.org/mailman/listinfo/nfsv4 > > > > > > > > > _______________________________________________ > > > nfsv4 mailing list > > > nfsv4@ietf.org > > > https://www.ietf.org/mailman/listinfo/nfsv4 > > > >
- [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Black, David
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Nico Williams
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Nico Williams
- Re: [nfsv4] NFSv4 on TLS Mkrtchyan, Tigran
- Re: [nfsv4] NFSv4 on TLS David Noveck
- Re: [nfsv4] NFSv4 on TLS Rick Macklem
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Black, David
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Chuck Lever
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk
- Re: [nfsv4] NFSv4 on TLS Trond Myklebust
- Re: [nfsv4] NFSv4 on TLS Benjamin Kaduk