Re: [nfsv4] I-D Action: draft-ietf-nfsv4-rpc-tls-01.txt

Chuck Lever <chuck.lever@oracle.com> Tue, 16 April 2019 17:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/3Ebg-1JGsgwam_zxtAIr9cO1Xyw>

> On Apr 16, 2019, at 1:09 PM, David Noveck <davenoveck@gmail.com> wrote:
> 
> I'm confused by the addition of the word "opportunistically" in the abstract. This document defines an important way of providing security to RPC-based protocols such as NFSv4, so as to deal with the very real security problems that these protocols have. While these facilities can only be used when both client and the server provide support, I don't think that fact alone makes the use of these facilities "opportunistic". What exactly is this word intended to imply?

"Opportunistic" is a term of art. See:

https://en.wikipedia.org/wiki/Opportunistic_TLS


> On Mon, Apr 15, 2019 at 1:48 PM <internet-drafts@ietf.org> wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network File System Version 4 WG of the IETF.
> 
>         Title           : Remote Procedure Call Encryption By Default
>         Authors         : Trond Myklebust
>                           Charles Lever
>         Filename        : draft-ietf-nfsv4-rpc-tls-01.txt
>         Pages           : 17
>         Date            : 2019-04-15
> 
> Abstract:
>    This document describes a mechanism that opportunistically enables
>    encryption of in-transit Remote Procedure Call (RPC) transactions
>    with minimal administrative overhead and full interoperation with ONC
>    RPC implementations that do not support this mechanism.  This
>    document updates RFC 5531.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-nfsv4-rpc-tls-01
> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-rpc-tls-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-rpc-tls-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/

--
Chuck Lever