[nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-pseudoflavors-00.txt

Chuck Lever III <chuck.lever@oracle.com> Sun, 05 December 2021 20:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/0YUVFUmx6ROCMpbGl3W4oLOTIA4>

> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: New Version Notification for draft-cel-nfsv4-rpc-tls-pseudoflavors-00.txt
> Date: December 5, 2021 at 2:41:27 PM EST
> To: "Charles Lever" <chuck.lever@oracle.com>, "Chuck Lever" <chuck.lever@oracle.com>
> 
> 
> A new version of I-D, draft-cel-nfsv4-rpc-tls-pseudoflavors-00.txt
> has been successfully submitted by Chuck Lever and posted to the
> IETF repository.
> 
> Name:		draft-cel-nfsv4-rpc-tls-pseudoflavors
> Revision:	00
> Title:		Pseudo-flavors for Remote Procedure Calls with Transport Layer Security
> Document date:	2021-12-05
> Group:		Individual Submission
> Pages:		14
> URL:            https://www.ietf.org/archive/id/draft-cel-nfsv4-rpc-tls-pseudoflavors-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-cel-nfsv4-rpc-tls-pseudoflavors/
> Html:           https://www.ietf.org/archive/id/draft-cel-nfsv4-rpc-tls-pseudoflavors-00.html
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-cel-nfsv4-rpc-tls-pseudoflavors
> 
> 
> Abstract:
>   Recent innovations in Remote Procedure Call (RPC) transport layer
>   security enable broad deployment of encryption and mutual peer
>   authentication when exchanging RPC messages.  These security
>   mechanisms can protect peers who continue to use the AUTH_SYS RPC
>   auth flavor, which is not cryptographically secure, on open networks.
>   This document introduces several RPC auth pseudo-flavors and other
>   mechanisms that an RPC service can use to indicate transport layer
>   security requirements for accessing that service.
> 
> 
> 
> 
> The IETF Secretariat

I've submitted this personal draft to provide a fleshed-out version of
a proposal I have outlined in the recent past:

https://mailarchive.ietf.org/arch/msg/nfsv4/tU1WfkYQUm2AbiZUA3L2uX56uR4/
https://mailarchive.ietf.org/arch/msg/nfsv4/7psVqBBY8uhP9L9bMfF7hUbVXK0/

among other places.

This document provides a similar but contrasting approach to the one
described in Sections 13 through 15 of draft-dnoveck-nfsv4-security-03.
In addition to covering NFSv4, my document also addresses NFSv2/3 and
other RPC services that might wish to employ transport layer security.
I'm hoping that comparing and contrasting these two approaches will
sharpen our vision and thinking as the WG comes to a rough consensus.

Another important reason for a separate document is there seems to be
palpable demand for a standards-based NFS in-transit encryption solution.
The RPC protocol changes put forth in draft-ietf-nfsv4-rpc-tls are
necessary but not sufficient to accomplish this goal. I would like to
see a vehicle for moving the remaining components through WG consensus
and into the publication queue as quickly as possible. This document
might serve as that vehicle.

An -00 is, as always, a rough cut. There are likely to be significant
gaps in this proposal, which at this point is still quite malleable.
Thanks in advance for your time and attention to this work.


--
Chuck Lever