Re: [nfsv4] Ben Campbell's Discuss on draft-ietf-nfsv4-minorversion2-39: (with DISCUSS and COMMENT)
"Ben Campbell" <ben@nostrum.com> Fri, 15 January 2016 04:46 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2D671A89FB; Thu, 14 Jan 2016 20:46:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IC_wJNHbkjzY; Thu, 14 Jan 2016 20:46:30 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C914A1ACEB3; Thu, 14 Jan 2016 20:46:30 -0800 (PST)
Received: from [10.0.1.10] (cpe-70-119-203-4.tx.res.rr.com [70.119.203.4]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u0F4kMrT002181 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 14 Jan 2016 22:46:22 -0600 (CST) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-203-4.tx.res.rr.com [70.119.203.4] claimed to be [10.0.1.10]
From: Ben Campbell <ben@nostrum.com>
To: Tom Haynes <thomas.haynes@primarydata.com>
Date: Thu, 14 Jan 2016 22:46:21 -0600
Message-ID: <07A6DCA2-4939-4BE5-8A52-3A35EB0EF549@nostrum.com>
In-Reply-To: <0292C233-4BD2-496C-9D7E-7D61136D4DEE@primarydata.com>
References: <20160105041039.24450.918.idtracker@ietfa.amsl.com> <0292C233-4BD2-496C-9D7E-7D61136D4DEE@primarydata.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.3r5187)
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/3WIENAjVPqeD5Fr8qQB_Owy9FSs>
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-minorversion2@ietf.org, nfsv4@ietf.org, nfsv4-chairs@ietf.org
Subject: Re: [nfsv4] Ben Campbell's Discuss on draft-ietf-nfsv4-minorversion2-39: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jan 2016 04:46:32 -0000
Thanks for the response. Comments inline (I deleted sections that do not seem to need further discussion.) On 5 Jan 2016, at 18:37, Tom Haynes wrote: >> On Jan 4, 2016, at 8:10 PM, Ben Campbell <ben@nostrum.com> wrote: >> >> Ben Campbell has entered the following ballot position for >> draft-ietf-nfsv4-minorversion2-39: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut >> this >> introductory paragraph, however.) >> >> >> Please refer to >> https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-minorversion2/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> I have a couple of items I would like to see discussed prior to >> approval. >> Hopefully they can be resolved easily: >> > > Hi Ben, > > Proposals inline. > > >> - 12.1 says: >> >> "Id: The number assigned to the attribute. In the event of >> conflicts >> between the assigned number and [NFSv42xdr], the latter is likely >> authoritative, but should be resolved with Errata to this document >> and/or [NFSv42xdr]. See [IESG08] for the Errata process." >> >> This leaves a window open for considerable confusion down the road. >> Is >> there a reason not to just fix it now? > > Note that this was taken verbatim from RFC5661 and RFC5662. It seems odd there, too :-) > > >> This draft normatively depends on >> [NFSv42xdr] anyway, so why not completely delegate the assigned Id >> numbers to it? > > > How about: > > Id: The number assigned to the attribute. In the event of conflicts > between the assigned number and [NFSv42xdr], the latter is > authoritative, and should be resolved with Errata to this document. > See [IESG08] for the Errata process. That's better, and enough for me to clear the discuss. I'd still prefer to remove the reference to the errata process; the draft does not need to invoke that now to use it later. As it is, it gives the impression that it's not necessary to get this draft right, because we can fix it later. (Which I doubt very much is the intent.) In any case, I will not block further on it. > > > >> >> - 4.4.2, "The client SHOULD write back the data..." >> SHOULD seems weak for something where failure could result in data >> corruption. Are there ever situations where it might make sense not >> to do >> this? > > > I’m okay with making that a The sentence was cut off. I assume you were going to say "MUST"? (It's still a SHOULD in version 40.) > > >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> === Substantive Comments === >> [...] > > > >> -4.10.1.1, last paragraph: "Servers SHOULD reject..." >> Why not MUST? Do you envision circumstances where it might be okay to >> accept COPY_NOTIFY requests over insecure channels? Channels with >> other >> forms of privacy protection? > > Yes - for example such security may be provided with a network which > has restricted physical access. > > For NFSv4.x, we have a strong requirement that kerberos MUST be > supported, but we > have a weak requirement that it be deployed. > > See Section 2.2.1.1.1.2 of RFC5661. (I meant 40.10.2.1, but you seem to have found it anyway) I think it would help to have an explanation to that effect in the text. [...] > >> >> - 9.6.1.2, last paragraph: >> >> Why just MAY? does it ever make sense for a "Full Mode" >> implementation to >> not validate the security attributes? > > It is MAY because we don’t control the policies on the server - that > is a decision that may be controlled by the software or even by a > conjuration made by the administrator. > > “Full Mode” simply means that both the client and server may make > decisions. On re-reading this section, I think I understand this to mean that the implementation MAY (or MAY not) limit the security attributes acceptable from a certain _peer_, (as opposed to a certain user and/or resource). Given that, I think the MAY makes sense. [...]
- [nfsv4] Ben Campbell's Discuss on draft-ietf-nfsv… Ben Campbell
- Re: [nfsv4] Ben Campbell's Discuss on draft-ietf-… Tom Haynes
- Re: [nfsv4] Ben Campbell's Discuss on draft-ietf-… Ben Campbell