IETF Logo Mail Archive

Re: [nfsv4] NFSv4 on TLS

Benjamin Kaduk <kaduk@mit.edu> Tue, 16 October 2018 22:41 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03CE4130E6E for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 15:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z3fvphCW1VC3 for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 15:41:04 -0700 (PDT)
Received: from dmz-mailsec-scanner-1.mit.edu (dmz-mailsec-scanner-1.mit.edu [18.9.25.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DE6C130E87 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 15:41:01 -0700 (PDT)
X-AuditID: 1209190c-d97ff7000000471e-eb-5bc668fcf0b6
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-1.mit.edu (Symantec Messaging Gateway) with SMTP id 0D.74.18206.CF866CB5; Tue, 16 Oct 2018 18:41:00 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w9GMewq8027515; Tue, 16 Oct 2018 18:40:59 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w9GMes62029605 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 Oct 2018 18:40:56 -0400
Date: Tue, 16 Oct 2018 17:40:54 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Trond Myklebust <trondmy@gmail.com>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, nico@cryptonector.com, "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20181016224053.GB19309@kduck.kaduk.org>
References: <FD3EEC6C-887F-4F3A-AB9E-87AB9EE34ABD@oracle.com> <20180826214725.GA10368@localhost> <9A8DAFF1-C837-4AFA-99CB-863C09091608@oracle.com> <20180827185325.GB10368@localhost> <CADaq8jdr0w74J9db-AZTQ_dAP5ngT53R=KvLuK7xnVpptpbOCw@mail.gmail.com> <YTOPR0101MB182075AD5B7E864C48FF6324DD0A0@YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM> <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com> <20181016200243.GX19309@kduck.kaduk.org> <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprHKsWRmVeSWpSXmKPExsUixCmqrPsn41i0wer1Shaz3z9itTh17Qib xcNl15gs7j3+yurA4vHy1DlGj52z7rJ7LFnyk8nj9+a9TAEsUVw2Kak5mWWpRfp2CVwZN/tW sBTstK1o/fqYtYFxon4XIyeHhICJxM0FP5i7GLk4hAQWM0k8e3ONFcLZyCixZnYvC4RzlUli 9eqpLCAtLAKqEgfnTGYGsdkEVCQaui+D2SIC6hK9O76C1TALZEm82f+eFcQWFlCU2Hv8GFgN L9C6M5u2MEEMncQi0fmrjwUiIShxcuYTqGYtiRv/XgIVcQDZ0hLL/3GAhDkFAiW+PbvHBmKL CihL7O07xD6BUWAWku5ZSLpnIXQvYGRexSibklulm5uYmVOcmqxbnJyYl5dapGuol5tZopea UrqJERzQkjw7GM+88TrEKMDBqMTDKyB5LFqINbGsuDL3EKMkB5OSKG+mFFCILyk/pTIjsTgj vqg0J7X4EKMEB7OSCG/6paPRQrwpiZVVqUX5MClpDhYlcd4JLYujhQTSE0tSs1NTC1KLYLIy HBxKErzswMgVEixKTU+tSMvMKUFIM3FwggznARqukA5Uw1tckJhbnJkOkT/FaM+xakbHDGaO bWc6gWTb0+tAsgNECrHk5eelSonz6oOMFgBpyyjNg5sMSlYS2ftrXjGKAz0qzNsEUsUDTHRw s18BrWUCWutuewRkbUkiQkqqgdGeh+fu8c//Feb9YDPJnvplrkCoxdbgd++cTW6XtwTnO8wL v7JWSGfa3kSPx01h+5wf/vX3DG3XuWp8Orao8jTTn2P36rT170XGVxxJ3vgnxXRF39Z1fL8D Lk3+ViX+TzZhS/WHDddN+1i0/XQ+ar38fuOTW+b21rLHUTpOen43Ir42H22tM1RiKc5INNRi LipOBACPEHUNMQMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/0FGvQRgf9d8uqviGFzgjnGjqddM>
Subject: Re: [nfsv4] NFSv4 on TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 22:41:16 -0000

On Tue, Oct 16, 2018 at 05:03:59PM -0400, Trond Myklebust wrote:
> On Tue, 16 Oct 2018 at 16:02, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> > I'm not really in a position to speak of the level of demand for such a
> > proposal, but...
> >
> > On Tue, Oct 16, 2018 at 03:53:32PM -0400, Trond Myklebust wrote:
> > > So here is a quick proposal: we add a new security type AUTH_TLS, which
> > can
> > > act as the equivalent of a "STARTTLS command" to signal that we want to
> > > initiate TLS security negotiation if the server supports it.
> > >
> > > When the client has set up the TCP connection, and is ready to initiate
> > the
> > > TLS negotiation, it pings the server with a NULL RPC request with an
> > > auth_flavor of AUTH_TLS. If the server doesn't recognise that flavour,
> > and
> > > returns AUTH_ERROR (+AUTH_BADCRED?), then the client knows that the
> > server
> > > is unlikely to support stepping up to TLS on this connection.
> > >
> > > There should be no need for the credential to carry any form of
> > > authentication payload, so just model it on AUTH_NONE, but have the
> > server
> > > return a payload of "STARTTLS" in the body of the verifier. That
> > > differentiates it from AUTH_NONE, and allows the client to distinguish
> > > servers that recognise AUTH_TLS, and servers that just ignore the
> > > authentication header altogether in NULL RPC calls. If the payload
> > matches,
> > > then the client kicks off TLS negotiation before sending any further RPC
> > > calls on this connection.
> > >
> > > If the client tries to use AUTH_TLS for anything other than a NULL RPC
> > > ping, then a server would presumably be expected to return AUTH_ERROR
> > with
> > > AUTH_TOOWEAK.
> > >
> > > Once the TLS negotiation is complete, then the client and server will
> > have
> > > established a secure channel for communicating, and can then use the
> >
> > Any such document would need to discuss the client authentication semantics
> > for the TLS connection, whether a single per-host client cert is used vs.
> > per-user certs, etc.  BCP 195/RFC 7525 would of course play a role, too.
> >
> 
> This is transport level security, so in order to have per-user certs, we'd
> presumably have to have a TCP connection per user? That is certainly not
> something that I can envision wanting to ever implement for a kernel NFS
> client.

There are some ugly tricks that could be played, but basically your
presumption is right.  If I may ask, though, how many concurrent NFS client
users do you think you need to support on a single NFS client machine?

> IOW: As far as this working group is concerned, I'd see TLS as mainly
> practical for providing machine level authentication, not user level.

I don't really expect anyone to disagree with that.

> I agree that there are issues addressed by RFC7525 that we may want to
> discuss.
> 
> 
> >
> > > standard security flavours on top of that channel (presumably after
> > > negotiating down the irrelevant RPCSEC_GSS privacy and integrity
> > mechanisms
> > > and applying channel binding).
> >
> > Anyone considering GSSAPI channel binding should probably consider the
> > issues that
> > https://tools.ietf.org/html/draft-ietf-kitten-channel-bound-flag-03 tries
> > to address, and also that the tls-unique-based binding value in RFC 5929 is
> > rather overtaken by events.  There would probably be a need to define a new
> > TLS exporter-based value that requires the use of TLS 1.3 or
> > extended-master-secret.
> >
> >
> Is that discussion relevant to the NFSv4 working group though? NFSv4 only
> requires servers to support RPCSEC_GSSv2 (or RPCSEC_GSSv3 for NFSv4.2).
> Both those protocols have explicit channel binding RPC calls that return
> success/failure, and a separate service type (rpc_gss_svc_channel_prot)
> that as far as I can tell should meet the requirements in the above
> document. Am I wrong?

You are right -- I had forgotten that RPCSEC_GSSv2 uses a different binding
scheme, and in fact section 5 of RFC 5403 says you SHOULD NOT use native
GSS channel bindings.

Sorry about that.

-Ben

> 
> 
> -Ben
> >
> > > Is this a proposal that might be of interest to members of this group,
> > and
> > > hence be worth documenting in an RFC?
> > >
> > > Cheers
> > >   Trond
> > >
> > > On Tue, 28 Aug 2018 at 07:57, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> > >
> > > > David Noveck wrote:
> > > > [stuff snipped]
> > > > >> AUTH_SYS with UIDs/GIDs is too limited.
> > > > >
> > > > >As far as I know, AUTH_SYS includes 32-bit UIDs/GIDs.   Those seemed
> > > > ample when
> > > > >AUTH_SYS was designed.
> > > > >
> > > > >It certainly is too limited now, but it is difficult to change. Even
> > more
> > > > of a
> > > > >barrier than the existiing OTW formats, is the fact that most flle
> > systems
> > > > >used with NFS reserve 32 bits in the inode for each of owner and
> > group.
> > > > >Further complicating matters is that in-kernel VFS's and POSIX API's
> > are
> > > > >built around this very limited approach to user identity.
> > > > >
> > > > >> I have no objection to a mechanism like AUTH_SYS-over-TLS
> > > > >
> > > > >I don't know of any AUTH_SYS mechanism that uses anything other than
> > > > >32-bit ids.
> > > > >
> > > > >> that uses name@domain to be consistent with the rest of NFSv4.
> > > > I think he was referring to a new authentication flavour that had the
> > > > "user@domain" string as the authenticator. (There is a 400byte limit,
> > but
> > > > that might be sufficient.) I might have called it AUTH_NAME or
> > AUTH_OWNER.
> > > >
> > > > I'd guess that 99.9% of FreeBSD NFS usage is AUTH_SYS, although
> > Kerberos is
> > > > in the system. I do think a way to use TLS (or similar) to encrypt at
> > the
> > > > transport
> > > > level would be a good thing and would get used more widely.
> > > >
> > > > Many of the FreeBSD sites (I won't guess the %) use AUTH_SYS but
> > ignore the
> > > > gid list and generate a gid list on the server from the uid. As such, I
> > > > don't think
> > > > putting gids/owner_group names in a new authentication mechanism is
> > needed.
> > > >
> > > > For folks that have a 32bit uniform uid space, AUTH_SYS in transport
> > > > encryption
> > > > seems ok to me.
> > > > For sites where the uid space isn't uniform or doesn't fit in 32bits, a
> > > > "user@domaim"
> > > > to uid/gid list mapping in the server can be done using this new one.
> > > >
> > > > >Within NFSv4 proper, you could use name@domain, but there is really
> > no
> > > > >point if you are using AUTH_SYS.    You are allowed to use numeric ids
> > > > >as attributes and most people using AUTH_SYS choose to do so, to avoid
> > > > >the overhead of a translation that provides no benefits.
> > > > They could use this mapping with AUTH_OWNER when AUTH_SYS won't
> > > > work for them.
> > > >
> > > > rick
> > > > ps: I, for one, am not interested in implementing a new GSSAPI
> > mechanism
> > > > that
> > > >       isn't in the open source Kerberos distros. As such, any
> > complicated
> > > > setup
> > > >       involving writing of a lot of new code probably wouldn't make it
> > in
> > > > FreeBSD
> > > >       for a long time. However, something that mostly uses the extant
> > code
> > > > for
> > > >       supporting "https" should be doable.
> > > > [more stuff snipped]
> > > >
> > > > _______________________________________________
> > > > nfsv4 mailing list
> > > > nfsv4@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/nfsv4
> > > >
> >
> > > _______________________________________________
> > > nfsv4 mailing list
> > > nfsv4@ietf.org
> > > https://www.ietf.org/mailman/listinfo/nfsv4
> >
> >

v2.23.0 | Report a Bug | By Email