[nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 01 April 2020 08:27 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277313A0060; Wed, 1 Apr 2020 01:27:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQ-X9h200MBh; Wed, 1 Apr 2020 01:27:35 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2046.outbound.protection.outlook.com [40.107.20.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A6D3A005F; Wed, 1 Apr 2020 01:27:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FA0OA+n6255TYvPq9ctHbK79esf2ZsCvgsM7GQY7IG2r/xLSWvwWNdnlB2TaQVM0oeUpuDd81YMDR/TUun2zp33Pqe7LgaSa6IiqyakcdgfOC8KGVXFRsuMKis9D9luGchW6QL19PzfW7PAABhwKFM6qVY1IVOOtd2xBQ0qJNsQlivcrk90vDkz7fu6e5z7sAate1+xLH8SAVom5BQeppRLxa5pj8vs+gg/+v9rXUy3HOVsZlIenj7gA8VcGet9H2TGdk6pUatQTc7U4ZI5X4RSwq3dspeW+hHsKjo5q+ZfGby0nU3a/39mdJNv3ry4MZthHxQ5NkjM69D4hMgmUfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Vmss4AJZ7sJdEXylDgXL7h5OyA2/gw2FWJA7i1+MZCY=; b=YuajqyBZCsIW/+2FhvfJ6YKH0THx/GvimK+DUA2dMgwcVig92Rci95jPIhraEJFyZ4fD/dV5uHN/51nkirIWy4ik2tfvYHPw5F2lyLbaJ23XDDff5au8x5s2hj6k6R1iTHN04L3NlfDSiiUpqsNNBrNoRMeXa9uq6A/MODJyJR6NCnMsEGy+2WXT/XH0RiJvd2pwaZK0lXhsv+mDWEriMtfhhWCrTACTt7SRWc1BlyHwmIPiqODgeVIZbT5vsOj0JEnpGMDVBVFP7ctJwGOhumHpFz9PHM2wL4ZRERR31+4j+EgembdiMGRdZsH1/5QGzUy9KqyzcntwGhpN0aSQ3g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Vmss4AJZ7sJdEXylDgXL7h5OyA2/gw2FWJA7i1+MZCY=; b=jbpTnleySqwrweebToS3wrFD+Lfvg89URXYDEu8hoy+GrAfieddOMBzYhZz/AHVudmDrWc88pQXfUqm24lM5k3U8N6NlmH0f798WepF43NBiAOHCpQiexUDEyRQgPXrBZNE8xGgzHlDje5vlhpzYLpQeq95mds99/xCoP7GSZHU=
Received: from VI1PR0702MB3775.eurprd07.prod.outlook.com (52.134.8.30) by VI1PR0702MB3583.eurprd07.prod.outlook.com (52.134.7.29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2878.13; Wed, 1 Apr 2020 08:27:28 +0000
Received: from VI1PR0702MB3775.eurprd07.prod.outlook.com ([fe80::4109:db16:5948:85dd]) by VI1PR0702MB3775.eurprd07.prod.outlook.com ([fe80::4109:db16:5948:85dd%4]) with mapi id 15.20.2878.014; Wed, 1 Apr 2020 08:27:28 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "draft-ietf-nfsv4-rpc-tls@ietf.org" <draft-ietf-nfsv4-rpc-tls@ietf.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: AD review of draft-ietf-nfsv4-rpc-tls
Thread-Index: AdYH+TZCYEUSPG/KThqZ8Tp9CcZenQ==
Date: Wed, 01 Apr 2020 08:27:27 +0000
Message-ID: <VI1PR0702MB3775838FD12AB8A89392C17B95C90@VI1PR0702MB3775.eurprd07.prod.outlook.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [158.174.118.23]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9ecffc60-8d5b-4620-a037-08d7d61683df
x-ms-traffictypediagnostic: VI1PR0702MB3583:
x-microsoft-antispam-prvs: <VI1PR0702MB3583F3CD838F085F0F741D6C95C90@VI1PR0702MB3583.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 03607C04F0
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR0702MB3775.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(10009020)(4636009)(39860400002)(346002)(366004)(136003)(396003)(376002)(186003)(316002)(81156014)(55016002)(7696005)(44832011)(71200400001)(86362001)(110136005)(81166006)(26005)(6506007)(478600001)(33656002)(966005)(66556008)(66574012)(99936003)(52536014)(8936002)(66616009)(66946007)(9686003)(450100002)(2906002)(66476007)(5660300002)(76116006)(8676002)(66446008)(64756008); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: hODEP3vE3a+zQYXTorsQL/Wgn6VK20bCNT1d10E1b7BbtyNRksH2vtFajmx+wBylIdUROnMmAFOzityHVdTNeb2Xb6u7Wsh3H6hzgH1t4R1Cfooc1phDR107f/THCPLWijNZoECdsR1YU/oLog/p92eTw61rSeFO7wy3az3QGfOJdGWlUEIZrGunQllrrbwbTRRo95TUSqAfvVxJT+GYT+n7oagKWC2sDaFbtY6ydGS5Pd+dvCI7QqWz4OyYO7SGrUThseeGhMbWO+nf7Urw5FOIa0zIAa05MP1ccClHbeKj+7ISQW93fA6NJlSrfkelmj+wj87QxR2wbiVQxONrPdXcQMCROk8bMCea3ukWCEV3o++xVEs4k8kCq5/Oj1WoSbpl+df9L6DKzY9UQwfJ0z+kZcmkyEQLorp1XwgRPameMcDh5LaIx6NDoFkVrUC9Fjhj0ja0XLidAlF54ke46o0LgbYd/WKyg+vPjcKjgDrnxKreRIFPUZ/NSxmy1yfgUwPKv8i2LtmS/7X5WxGEZg==
x-ms-exchange-antispam-messagedata: iAyVmcra2NbatiK9s6QcnwjByIg4lYWTFnMaVUY/0wghgIuPA2pqKtZf16FFfbC3L2iL5xfWX8exPid3BkVNsAaCPoOLlGwG+rF13yTrSmJRVLMbbdvZVneDWSOOKDFntYEQHAtoCTUz9RTz55X57g==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="SHA1"; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_004C_01D60810.2363F2A0"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9ecffc60-8d5b-4620-a037-08d7d61683df
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2020 08:27:28.3891 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oh7lltHjfeSTTRUyLNZdMItqZt+J1qrMgEKSe+VAyS/V2aovaRImpGjt9oEJkQ0IzAaaVJHcu5faHDp6gTlSPlKdwgURDxYPr16ZIvmTiOA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0702MB3583
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/OcJPfpFA0La6DbWLNE1Z1wEda6o>
Subject: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2020 08:27:37 -0000
NFSv4 WG, Sorry my AD review took longer time than it was supposed to. Anyway here are my comments. And as usual I am not an expert on NFS or RPC. So don't hesitate to push back or educate me with relevant context if what I comment appears to be just strange. 1. Section Status of this memo: This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English. What material in this document are not provided according to BCP 78 and the TLP? I just wonder if you are over careful, or is something verbatim copied from an old RFC? 2. Section 3: Note also that the NFS community uses the term "privacy" where other Internet communities use "confidentiality". In the current document the two terms are synonymous. Can this usage of privacy be avoided. Confidentiality is a tool to help provide privacy. So I think you should try to conform to more mainstream usage of privacy and use confidentiality where that is actually what is provided. See later comment also where this distinction becomes relevant. 3. Section 4.1: <CODE BEGINS> enum auth_flavor { AUTH_NONE = 0, AUTH_SYS = 1, AUTH_SHORT = 2, AUTH_DH = 3, AUTH_KERB = 4, AUTH_RSA = 5, RPCSEC_GSS = 6, AUTH_TLS = 7, /* and more to be defined */ }; <CODE ENDS> In this particular case it might not be a major issue, but it is recommended that not put the numbers from the IANA registry into to the document until it has been assigned to the document. In cases where one need a number for testing during development, one can in many registries actually issue an early assignment. To me the right way of doing this table would have been to replace the 7 on the AUTH_TLS line with a [IANA_TBA]. And add an RFC-editor note in this section, and the necessary IANA sub-section requesting assignment. And if an number would have been needed for the implementation an early assignment request could have been done, and then converted to a permanent one using the IANA section. 4. Section 4.1: In Section 5.1.1 is clear that the RPC receiving entity should reject requests that are not sent over TLS. However, there appear to be no requirement to actually send all subsequent requests over TLS made in section 4.1. I think such a statement should be added. 5. Section 4.2.1: A TLS-capable RPC implementation uses GSS channel binding to determine when GSS integrity or privacy is unnecessary. See Section 2.5 of [RFC7861] for details. RFC 7861 Section 2.5 says: 2.5. RPCSEC_GSS_BIND_CHANNEL Operation RPCSEC_GSSv3 provides a channel-binding assertion that replaces the RPCSEC_GSSv2 RPCSEC_GSS_BIND_CHANNEL operation. The RPCSEC_GSS_BIND_CHANNEL operation is not supported on RPCSEC_GSS version 3 handles. If a server receives an RPCSEC_GSS_BIND_CHANNEL operation on an RPCSEC_GSSv3 handle, it MUST return a reply status of MSG_ACCEPTED with an accept_stat of PROC_UNAVAIL [RFC5531]. I don't see how the details in 2.5 provides an answer to how each peer can determine that TLS Is present by using the GSS channel binding. Maybe this is understandable by someone that understands GSS in detail. However, I think some more details are needed. 6. Section 5.1.1: After establishing a TLS session, an RPC server MUST reject with a reject_stat of AUTH_ERROR any subsequent RPC requests over a TLS- protected connection that are outside of a TLS session. I assume this is actually bound to a host or a user identity? Because reading the above sentence immediately made me ask how can the RPC server determine that the RPC request is coming from an entity that already has an TLS session? Can you please clarify this question? 7. Section 5.1.2. Operation on UDP RPC over UDP is protected using DTLS [RFC6347]. DTLS 1.3 specification appears to have been publication requested so it is not significantly later than your document in the process. Thus, I wonder if it wouldn't be better to require DTLS 1.3 to match version with TLS 1.3? I also recommend to be explicit about version in this sentence. I have also asked the responsible SEC AD about the status of DTLS 1.3 so I hopefully have more input into this question soon. 8. Section 5.1.2: As soon as a client initializes a socket for use with an unfamiliar server, it uses the mechanism described in Section 4.1 to discover DTLS support and then negotiate a DTLS session. So first of all is the usage of TLS for TCP completely separate from using DTLS over UDP? So having determined TLS support for TCP does not indicate the same for UDP? And is it in any cases possible to skip the initial RPC null request with AUTH_TLS authentication and go directly to negotiate TLS after support has been determined with a server? 9. Section 6. Should there be an RFC-editor note that the whole of Section 6 should be remove prior to publication, or do you intended to have this section included in the RFC? I do note that RFC 7942 do indicate removal of this section. 10. Section 7: Privacy leakage due to STARTLS procedure. So what is sent in clear text over the TCP connection prior to the TLS session establishment? Is there information here that provides any information that enable tracking of client, or the user on the client? If there are anything that may be sent that could allow tracking that should be mentioned in the security consideration. 11. Section 8: ALPN label. So the IANA section requests the ALPN label "sunrpc" however the document fails to discuss how this is to used. If it is to be used, then I think there need to be a requirement on including it and verifying that it is present. I also wonder if the WG expect that this label can be used also for a future TLS based solution that requires usage of TLS, or if you actually need to have a separate label between them to identify on TLS Level the difference in policy and intention of the request by the client. 12. Section 8. I am missing a sub-section requesting the assignment of the AUTH_TLS value from the RPC Authentication Flavor Numbers registry. What I can see that request has not yet been named as value 7 is unassigned. https://www.iana.org/assignments/rpc-authentication-numbers/rpc-authenticati on-numbers.xhtml#flavor 13. Requirement on implementation Should this document actually update any or all of the versions of NFS 4 to mandate implementation support? From the WG's perspective doesn't it make sense to start demand implementation support. The mechanism is clearly opportunistic in its establishment, however the goal here needs to be to get support in as many places is as possible. Thus, sending a clearer signal that NFS 4.x servers and client are expected to support this should be sent. If not can you clarify what the concerns are? Because we are going to get this question again in the IESG evaluation. To me the reasonable plan towards always used transport security (something I expect the full updates, for example of NFS v4.1 to require) is to require implementation but not usage now. Then next step to require its usage. Cheers Magnus Westerlund
- [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Rick Macklem
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Faibish.Sorin
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever