Re: [nfsv4] Request for WG Last Call

Thomas Haynes <loghyr@primarydata.com> Mon, 24 July 2017 21:32 UTC

From: Thomas Haynes <loghyr@primarydata.com>
To: Olga Kornievskaia <aglo@citi.umich.edu>
CC: "nfsv4@ietf.org" <nfsv4@ietf.org>
Date: Mon, 24 Jul 2017 21:32:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/3R44057pRu0vcAJqkIjxBFq7rVU>

> On Jul 24, 2017, at 2:13 PM, Olga Kornievskaia <aglo@citi.umich.edu> wrote:
> 
> My suggestion is to scrap Kerberos from 15.1.1 loosely coupled and
> just leave the synthetic uids fencing.
> 

And then I am stuck because it is very likely that the IESG review will
require that security be addressed.

fwiw - the KDC need not be on the same server as the MDS. 

My takeaway is that I need to rewrite the security sections.

Thanks