IETF Logo Mail Archive

Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)

Chuck Lever <chuck.lever@oracle.com> Thu, 02 July 2020 15:30 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 625163A0834; Thu, 2 Jul 2020 08:30:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id egROeHtTR8cZ; Thu, 2 Jul 2020 08:30:55 -0700 (PDT)
Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87E843A083F; Thu, 2 Jul 2020 08:30:55 -0700 (PDT)
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 062FMUjH003884; Thu, 2 Jul 2020 15:30:53 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=VtoWR4Eb538YpC4SIMyKl7F8emm4odRAII540Vpk77Y=; b=EN7HTlvtCGh6U0KQyFrWeSNgv15W+eC6WTRzBvPCTBAgYEyKU1o21cRafAIqY3ATwWdA igpT/7qf750kw/Xvw2oDl9znydmSxL1UAQMhU4O++YQvlllquFW5lUjS4E4m/k8oNAum ggWOu+yP4e1s+cx/7xrX4afl01T8Rt9ooGzmAEmCmVHfE5rY4QzzC/LRE2YFAmZ8Sgc6 xY+rlPCjuCqfA4ycTsUcKV0EuuK2Tl0H/lA65EVxRn+Las+ye5Yaf6wPXW8opJz9gPc8 VBqPtuh4lr1clF5S3miXaYbFmehCwI6dBiVGosoeREZRg4Wj/dbIu7NL/M5AxtJyB1DT Jw==
Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 31wxrnh47y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 02 Jul 2020 15:30:52 +0000
Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 062FN4Nc033138; Thu, 2 Jul 2020 15:30:51 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserp3020.oracle.com with ESMTP id 31xg19jvk3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 02 Jul 2020 15:30:51 +0000
Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 062FUoo1027080; Thu, 2 Jul 2020 15:30:50 GMT
Received: from anon-dhcp-153.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 02 Jul 2020 15:30:50 +0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CAMGpriWpER-pzH+Nfer=OSZKbU-cUJ9Arqsk1rxZU-72dWy1sg@mail.gmail.com>
Date: Thu, 02 Jul 2020 11:30:48 -0400
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-rpc-tls@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, David Noveck <davenoveck@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <AA6DCFBF-2B7E-45FE-B770-22B4E3B68446@oracle.com>
References: <159349149991.12516.12036430886387047884@ietfa.amsl.com> <FEE410F9-240F-4401-99CF-A2FC54DFE095@oracle.com> <CAMGpriWpER-pzH+Nfer=OSZKbU-cUJ9Arqsk1rxZU-72dWy1sg@mail.gmail.com>
To: Erik Kline <ek.ietf@gmail.com>
X-Mailer: Apple Mail (2.3445.104.14)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9670 signatures=668680
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 malwarescore=0 mlxlogscore=999 suspectscore=0 bulkscore=0 mlxscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007020107
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9670 signatures=668680
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 mlxlogscore=999 priorityscore=1501 impostorscore=0 bulkscore=0 clxscore=1015 malwarescore=0 phishscore=0 adultscore=0 cotscore=-2147483648 lowpriorityscore=0 suspectscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007020107
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/2mUiT8CB3DOV9iX8e7HbM-g45oo>
Subject: Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 15:30:57 -0000

Hi Erik-

> On Jul 1, 2020, at 3:24 PM, Erik Kline <ek.ietf@gmail.com> wrote:
> 
>>> * What mechanism guarantees that (D)TLS traffic can always and easily be
>>> distinguished from RPC traffic on the same port?
>> 
>> The document does not specify any mechanism for making that distinction
>> for UDP. The server would have to match ingress datagrams that appear to
>> be DTLS traffic to existing DTLS session state. The server treats datagrams
>> that fail to match as RPC messages.
>> 
>> For TCP, once a TLS session is established on a connection, the client is
>> forbidden from mixing TLS traffic with unprotected traffic on that
>> connection. To send unprotected traffic after establishing a session, a
>> client would have to establish a separate TCP connection that does not
>> have a TLS session.
> 
> This might be something worth a few sentences.

I agree that the DTLS case needs some guidance language because there
are socket resources shared between protected and unprotected datagrams.

OLD:

   DTLS support for an RPC program on a particular port.  It then
   negotiates a DTLS session.

   Multi-homed RPC clients and servers may send protected RPC messages
   via network interfaces that were not involved in the handshake that

NEW:

   DTLS support for an RPC program on a particular port.  It then
   negotiates a DTLS session.

   The current document does not specify a mechanism that enables a
   server to distinguish between DTLS traffic and unprotected RPC
   traffic directed to the same port.  To make this distinction, each
   peer matches ingress datagrams that appear to be DTLS traffic to
   existing DTLS session state.  A peer treats any datagram that
   fails the matching process as an RPC message.

   Multi-homed RPC clients and servers may send protected RPC messages
   via network interfaces that were not involved in the handshake that


However I'm not so sure about the TCP case. Why would a client want to
send a mix of protected and unprotected traffic on the same connection?
In any event, I propose this addition:

OLD:

   server will subsequently reject the same RPC program on a different
   TCP connection.

   Reverse-direction operation occurs only on connected transports such
   as TCP (see Section 2 of [RFC8166]).  To protect reverse-direction
   RPC operations, the RPC server does not establish a separate TLS
   session on the TCP connection, but instead uses the existing TLS
   session on that connection to protect these operations.

NEW:

   server will subsequently reject the same RPC program on a different
   TCP connection.

   Once a TLS session is established on a connection, TLS forbids the
   client from mixing session-protected traffic with unprotected RPC
   traffic on that connection.  To exchange unprotected RPC traffic with
   a server while a TLS session is established, the client establishes a
   separate TCP connection that does not have a TLS session.

   Reverse-direction operation occurs only on connected transports such
   as TCP (see Section 2 of [RFC8166]).  To protect reverse-direction
   RPC operations, the RPC server does not establish a separate TLS
   session on the TCP connection, but instead uses the existing TLS
   session on that connection to protect these operations.


>>> [[ nits ]]
>>> 
>>> [ section 5.1.1 ]
>>> 
>>> * "When operation is complete" ... In addition to a grammar tweak, you
>>> might repeat a few choice words from section 7.2 about the ability to
>>> send multiple requests over a connection.
>> 
>> I don't understand this comment. Section 7.2 is about user privilege
>> separation. What did you have in mind?
> 
> I was just thinking that it would be useful to add a sentence to
> dispel any ideas that it's a "one TLS connection, one request" system.
> 7.2 explicitly talks about sending multiple requests per session:
> 
> """
>   Moreover, client implementations are free to transmit RPC requests
>   for more than one RPC user using the same TLS session.
> """

The Section 7.2 language assumes one TCP connection is used for many
RPC transactions because that's an optimization that's common to
existing RPC-over-TCP client implementations.

The point of 7.2 is that there is a security-related reason why this
optimization is not appropriate. A distinct TLS session is needed for
each security domain on a client (think client multi-tenancy). That
is orthogonal to the general case you are thinking of.

Though not a typical use case, it's totally valid to establish a TLS
session for one or a handful of RPC operations. But I think what you
are saying is the document might be read to suggest a TLS(TCP) session
is valid for the exchange of only one RPC transaction, and of course
that is not at all the case.

I propose the following change to Section 4.1, but perhaps more is
needed:

OLD:

   Once the TLS session handshake is complete, the RPC client and server
   have established a secure channel for communicating.  A successful
   AUTH_TLS probe on one particular port/transport tuple never implies
   RPC-over-TLS is available on that same server using a different port/
   transport tuple.

NEW:

   Once the TLS session handshake is complete, the RPC client and server
   have established a secure channel for exchanging RPC transactions.  A
   successful AUTH_TLS probe on one particular port/transport tuple
   never implies RPC-over-TLS is available on that same server using a
   different port/transport tuple.


I hope the following change addresses the grammar error you noticed:

OLD:

   When operation is complete, an RPC peer terminates a TLS session by
   sending a TLS Closure Alert and may then close the TCP connection.

NEW:

   When operation is complete, an RPC peer terminates a TLS session by
   sending a TLS Closure Alert.  It may then close the TCP connection.


--
Chuck Lever

v2.23.0 | Report a Bug | By Email