IETF Logo Mail Archive

Re: [nfsv4] Comments on draft-ietf-nfsv4-integrity-measurement-07

Benjamin Kaduk <kaduk@mit.edu> Thu, 31 October 2019 19:24 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 550D9120018 for <nfsv4@ietfa.amsl.com>; Thu, 31 Oct 2019 12:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2u6P4Vz3TxS for <nfsv4@ietfa.amsl.com>; Thu, 31 Oct 2019 12:24:15 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53659120013 for <nfsv4@ietf.org>; Thu, 31 Oct 2019 12:24:15 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x9VJOAeu007862 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 31 Oct 2019 15:24:12 -0400
Date: Thu, 31 Oct 2019 12:24:09 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: spencer shepler <spencer.shepler@gmail.com>, NFSv4 <nfsv4@ietf.org>
Message-ID: <20191031192409.GJ88302@kduck.mit.edu>
References: <CAFt6BakApq=FJWs+r-jwxvTdXYs9yOg9KS47no93kdnp2gZ_+Q@mail.gmail.com> <9BEBDE7A-522A-4A6B-8132-D9C3A8A4922C@oracle.com> <CAFt6Ba=q=vSt+wtcHsi59gWnwFpuUaDqQue7f=GFSUvd25uV+g@mail.gmail.com> <BFDF314F-B913-4C4A-BAB4-C09FA840F4F6@oracle.com> <CADaq8jc_gM0SWe9weRJYp7s7xjtN9kihbVnUiBN61hF2LUJjzQ@mail.gmail.com> <FD12C92F-BBF4-4174-B896-48738C02B78E@oracle.com> <CAFt6BanwC4uu=9SpZQdiGjFswzkC3cSWPzGia34qBT5W+uuMNw@mail.gmail.com> <5B51BB44-F39D-4EF6-9E1E-3EF958F90260@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <5B51BB44-F39D-4EF6-9E1E-3EF958F90260@oracle.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/0scFPwOM8wy2l1f2x74p0jOCIXw>
Subject: Re: [nfsv4] Comments on draft-ietf-nfsv4-integrity-measurement-07
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2019 19:24:17 -0000

A few points/questions inline:

On Tue, Oct 29, 2019 at 11:33:18AM -0400, Chuck Lever wrote:
> 
> > On Oct 29, 2019, at 2:15 AM, spencer shepler <spencer.shepler@gmail.com> wrote:
> >> 
> >> On Mon, Oct 28, 2019 at 1:05 PM Chuck Lever <chuck.lever@oracle.com> wrote:
> >> 
> >> > On Oct 28, 2019, at 3:28 PM, David Noveck <davenoveck@gmail.com> wrote:
> >> > 
> >> 
> >> In my earlier reply, I proposed breaking this process into two steps:
> >> 
> >> 1. Specify how NFS is to transport IMA metadata in an IETF publication
> >> 2. Specify the Linux IMA metadata format itself in some other venue
> >> 
> >> So then:
> >> 
> >> 1. would be a Normative extension to the NFS protocol

I'm probably missing something obvious, but why does it have to be a
normative extension to the NFS protocol?  Is there some IANA registry with
a Standards Action registration policy?
IETF WGs can publish informational documents, is where I'm going with this.

> >> 2. might be published by the nfsv4 as an Informative description of the
> >> metadata format, in lieu of getting this published somewhere else. Think
> >> of it as an illustrative example rather than a hard specification.
> >> 
> >> It still doesn't feel like it's the job of an inter-networking standards
> >> body to maintain this metadata data format specification, however.
> >> 
> >> Does it make sense to publish either a separate Informative document or
> >> have an Appendix to this document that provides an Informative example
> >> that gives a specific format for Linux IMA metadata?
> >> 
> > Chuck, 
> > 
> > Given this last set of responses, you seem to be saying that the only implementation of this capability will be with Linux and that you would be surprised to find any other implementations that would need to implement the support for this feature.
> 
> That's not at all what I'm saying.
> 
> There is currently no published standard definition of the IMA metadata format.
> I've made it clear from the very beginning that one does not yet exist, and
> have asked repeatedly whether this will be a problem. For the past 18 months,
> I've gotten the answer "no, it shouldn't be, because NFS implementations won't
> be required to interpret the metadata format."
> 
> Thus I'm asking for a protocol extension so that NFS can transport, and NFS
> servers can store, a particular piece of opaque metadata. This is a narrow
> scope. All I want to do is store and retrieve this metadata via NFS.
> 
> I've been asked to provide the format of the metadata. But at this time, no-one,
> except for Linux, has stated a plan to actually use it. Thus, this sounds like
> a piece of this puzzle that can be deferred until it is actually needed (or
> until someone decides the Linux IMA format is awesome and publishes it).
> 
> I'm also not claiming the metadata format should /never/ be published; merely
> that we don't need this format definition to create a mechanism for storing it.
> 
>  - Interpretation of the metadata can be left to the future because there is
>    a clean dividing line between moving the data and parsing it. This allows
>    the protocol piece of this work to move forward quickly while we wrestle
>    with the standards issues around the metadata format.
> 
>  - I don't believe the IETF is the right place to publish the metadata format.
>    The IETF does networking, not data storage and not Trusted Computing. If
>    we have to publish anything, it should be Informative only. Or maybe we
>    can approach another standards setting organization where it would be more
>    appropriate. I'm open to hear arguments either way about this.

I'm not arguing that the IETF should take on and publish the Linux IMA
format (for one, we don't seem to have many people willing to put energy
into doing so), but I will note that the IETF has recently chartered a WG
for remote attestation procedures and does have people thinking about
endpoint security and endpoint assessment (e.g., the SACM WG).

> 
> It seems to me that the only thing that is missing from the current document
> is a clear statement that this document, by itself, will not enable the
> implementation of an IMA appraiser on the NFS server or client. The document
> does not prevent or forbid future publication that would enable such an
> implementation.
> 
> 
> > So, this is then clearly opening the door for the NFS protocol to be used for implementation specific features and to the point that all that is needed is an opaque attribute and possibly some error codes to go along with it to achieve a side band protocol for that specific implementation.  And if anyone is interested in the feature, a pointer to some "open source" is sufficient.
> > 
> > Well, I don't believe that is an appropriate use of the NFS protocol as defined within the IETF.  I apologize if I have the characterization incorrect and would be happy to hear otherwise.

I think I lack the background to understand why Spencer doesn't believe
this is an appropriate use of the NFS protocol, but I don't think that this
is the right thread to educate me.

> I believe your characterization is incorrect.
> 
> 
> > There have been other implementations of this type of ride-a-long or side-band protocol in the past.  The Solaris ACL protoocl for example - and there are others.  To be honest, that seems to be what is needed for Linux.  Just create a small RPC protocol that can ride on top of the NFS port and shares the same file handles and it should be good to go.
> 
> As I state above, I'm seeking a standards-based NFS protocol extension
> because I would like to see non-Linux NFS servers store this metadata. The
> question of whether non-Linux NFS servers want to interpret and use it is
> left open for another time.
> 
> The same arguments were made for user xattrs, which are opaque to the NFS
> protocol. I don't see how this situation is different from those or from NFS
> Security Labels, which are also largely Linux-only, and could have been
> implemented using a side-band RPC protocol.

Everything I've heard about this so far sounds very similar to user xattrs
in terms of how much the NFS layer knows about what is being transported.
And I don't have a problem with NFS supporting xattrs!

-Ben

v2.23.0 | Report a Bug | By Email