IETF Logo Mail Archive

Re: [nfsv4] Comments on draft-ietf-nfsv4-integrity-measurement-07

spencer shepler <spencer.shepler@gmail.com> Tue, 29 October 2019 06:15 UTC

Return-Path: <spencer.shepler@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A49CC120013 for <nfsv4@ietfa.amsl.com>; Mon, 28 Oct 2019 23:15:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RnD2APZ7qVH4 for <nfsv4@ietfa.amsl.com>; Mon, 28 Oct 2019 23:15:26 -0700 (PDT)
Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37EF31200B6 for <nfsv4@ietf.org>; Mon, 28 Oct 2019 23:15:26 -0700 (PDT)
Received: by mail-lj1-x242.google.com with SMTP id c4so13882177lja.11 for <nfsv4@ietf.org>; Mon, 28 Oct 2019 23:15:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=d0teBgJ0TODXpLqvZl3frgSHjw/0osPDWY+c/sFe7gc=; b=SIOcuipcq9T26w0r1DxIHrdLzOUnMaXd0t/tcUL+QfBtEyrSjD1UyP1yRqxZUMjSj1 EqTeI47E267Pf/plDSXhI3mN0oc3P2+kjJIJO38d+JunJDc9jIyixKrH0y9U5OU+rPgu Ah9jATn317NbwswI+nj22mSJgHHHEqhwYfGlDVhOXoWCnnujplMH65ichN2SiJRLL+9T j9TwsLnXxWWkreIQwj8URQtbBYB7Be0eAhARVqHsqwCv3FmBqCPgS4bx8VIQN4pfsWwT H5HCWKPF1rQufSZLLsy+pLKHJKTAhq+a5HGO7YERSKW6OtdtLsqM76OpOOhtvGSq0DW6 ODNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=d0teBgJ0TODXpLqvZl3frgSHjw/0osPDWY+c/sFe7gc=; b=hHI2zUUVp4gh77LqVcb4FewRAcMV1Slpq7UFIBRnXV/9D+aePLJaAeq7ywgNmjVMXp 3lhHnnqfKtovTx/ASgZvapqs6+t5UDsAahOFvpFWFuaIGg7289i7V8eymbCksgwc78sd xo2T5mrrd2JOrcEiC2xfVotGmn3qdy2+YJjmoroBgiBfoY+sU8GOaAQ7A53seF5lsE58 s2BRIsi5DK8qVhNPRmdLDkT/4c2fSU4ZXm875WMoFOk5xj64HEMvg7jtMCfsLqIm5fei Yrkg2dA2NoLfRRZq7FkGITJPXNwOHvfnDGLgwjLPMDdc3LFhfhyyfeBds9N8oTgdH+2R 29oA==
X-Gm-Message-State: APjAAAVF0nrZSsFb2PMfAqCmsfq35a3/6+l572+sndUWrnOAfi1UFVRC M0Ghw8uiweH1Vw11TuXWYsKB4JAkm+6EiFBnwt0=
X-Google-Smtp-Source: APXvYqwMgexao9wawY4ksduvXcWtezcUKBM7s+7zV3iFbbgW1avQWnGU+zdLNYkCF5BocmLMvcQ/l88Io6WqzrD2pKw=
X-Received: by 2002:a2e:3003:: with SMTP id w3mr1104482ljw.208.1572329724301; Mon, 28 Oct 2019 23:15:24 -0700 (PDT)
MIME-Version: 1.0
References: <CAFt6BakApq=FJWs+r-jwxvTdXYs9yOg9KS47no93kdnp2gZ_+Q@mail.gmail.com> <9BEBDE7A-522A-4A6B-8132-D9C3A8A4922C@oracle.com> <CAFt6Ba=q=vSt+wtcHsi59gWnwFpuUaDqQue7f=GFSUvd25uV+g@mail.gmail.com> <BFDF314F-B913-4C4A-BAB4-C09FA840F4F6@oracle.com> <CADaq8jc_gM0SWe9weRJYp7s7xjtN9kihbVnUiBN61hF2LUJjzQ@mail.gmail.com> <FD12C92F-BBF4-4174-B896-48738C02B78E@oracle.com>
In-Reply-To: <FD12C92F-BBF4-4174-B896-48738C02B78E@oracle.com>
From: spencer shepler <spencer.shepler@gmail.com>
Date: Mon, 28 Oct 2019 23:15:12 -0700
Message-ID: <CAFt6BanwC4uu=9SpZQdiGjFswzkC3cSWPzGia34qBT5W+uuMNw@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: David Noveck <davenoveck@gmail.com>, NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000afd77f0596068ad3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/4-IZd6AvU69tIcexg9CKroPO1dw>
Subject: Re: [nfsv4] Comments on draft-ietf-nfsv4-integrity-measurement-07
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2019 06:15:29 -0000

On Mon, Oct 28, 2019 at 1:05 PM Chuck Lever <chuck.lever@oracle.com> wrote:

>
>
> > On Oct 28, 2019, at 3:28 PM, David Noveck <davenoveck@gmail.com> wrote:
> >
> > > Appraisal is done at the point when file content is about to be used.
> > > With NFS, most frequently that would be on an NFS client system. That
> > > does not mean the NFS client implementation itself does the appraisal.
> >
> > Perhaps not but the fact is that if you want to have a client
> implementation
> > you need to know the formal so that appraisal can be done correctly.
>  The
> > fact that this is not within the Linucx Client as you would describe it
> is to me
> > a distinction without a difference.
> >
> > > Suppose an OS implementer wants to implement something that
> interoperates
> > > with Linux's IMA. It is up to that implementer to approach the Linux
> IMA
> > > community and get them to provide this information.
> >
> > That is the problem that people are concerned about.   I think some
> people
> > want one now  and I can see their point although I don't have any need
> for this
> > data.
>
> That's my problem with the request: no-one here has a real need
> for this metadata format except for Linux, where it is already
> implemented.
>
> The only fresh real-world need is to be able to store and transport
> this metadata on behalf of OS implementations that can generate and
> interpret it.
>
> Thus the additional request for a specific format definition seems
> specious to me.
>
>
> > > Does anyone have suggestions as to where the Linux IMA community should
> > > go to publish a standard describing the integrity metadata format?
> > > Maybe the Trusted Computing Group ? Somewhere else?
> >
> > I have no suggestions in this regard but am sure that if the Linux IMA
> community
> > were willing to do this it could find some place suitable.
> >
> > > Would it make sense to make up our own integrity metadata format just
> > > for NFS?
> >
> > No.
> >
> > > Or, perhaps we leave this explicitly to storage vendors to enable
> > > them to innovate.
> >
> > I don't see much much interest in that.
> >
> > > As the generation and appraisal of this metadata occurs
> > > outside of the filesystem, it is possible to provide plug-ins that
> handle
> > > this.
> >
> > But to interoperate successfully everybody's plug-in would have to
> implement the
> > same format.   That's why a specification of that format is needed to
> provide
> > interoperability.
> >
> > > The discussion in the room during IETF 105 suggested there was interest
> > > enough to move this document forward to publication.
> >
> > There was and there still is.
> >
> > > I thought this
> > > whole issue had been resolved at that time, as the conversation
> finished
> > > with an understanding that this was opaque metadata
> >
> > It did but apparently there were people not present who now feel that it
> cannot
> > be treated as totally opaque and needs to be documented.
> >
> > > the next step was WGLC.
> >
> > I still think it should be.   However, during WGLC, objections  will
> > inevitably be offered to the lack of a specfication of the integrity
> > metadata fomat.
>
> If the document is clear that this is a transport protocol, and treats
> the metadata as opaque, they should have the same reaction as others
> did during our conversation at IETF 105: that this is perfectly
> reasonable for a transport protocol.
>
>
> > While I don't need this and would prefer that
> > this go forward even without it, I don't feel that these objections
> > can simply be dismissed.
> >
> > > Of the two options, IMO option 1 is the only sensible one because there
> > > is no citable specification of what goes in the metadata.
> >
> > The alternative is to create one.   I don't understand why it is so
> difficult
> > given that there is an implementation that can be examined to determine
> > the format.
>
> The difficulty isn't that I can't look at the format and spell it out
> somewhere, but rather: If the IETF documents this format, then the IETF
> becomes responsible for publishing it as a standard. I don't think either
> the Linux community or the IETF wants to take this step with something so
> far outside of the purview of either the IETF or the nfsv4 WG. It ties
> everyone down -- and as mentioned above, there doesn't yet seem to be
> any need for that.
>
> In my earlier reply, I proposed breaking this process into two steps:
>
> 1. Specify how NFS is to transport IMA metadata in an IETF publication
> 2. Specify the Linux IMA metadata format itself in some other venue
>
> So then:
>
> 1. would be a Normative extension to the NFS protocol
>
> 2. might be published by the nfsv4 as an Informative description of the
> metadata format, in lieu of getting this published somewhere else. Think
> of it as an illustrative example rather than a hard specification.
>
> It still doesn't feel like it's the job of an inter-networking standards
> body to maintain this metadata data format specification, however.
>
> Does it make sense to publish either a separate Informative document or
> have an Appendix to this document that provides an Informative example
> that gives a specific format for Linux IMA metadata?
>

Chuck,

Given this last set of responses, you seem to be saying that the only
implementation of this capability will be with Linux and that you would be
surprised to find any other implementations that would need to implement
the support for this feature.

So, this is then clearly opening the door for the NFS protocol to be used
for implementation specific features and to the point that all that is
needed is an opaque attribute and possibly some error codes to go along
with it to achieve a side band protocol for that specific implementation.
And if anyone is interested in the feature, a pointer to some "open source"
is sufficient.

Well, I don't believe that is an appropriate use of the NFS protocol as
defined within the IETF.  I apologize if I have the characterization
incorrect and would be happy to hear otherwise.

There have been other implementations of this type of ride-a-long or
side-band protocol in the past.  The Solaris ACL protoocl for example - and
there are others.  To be honest, that seems to be what is needed for
Linux.  Just create a small RPC protocol that can ride on top of the NFS
port and shares the same file handles and it should be good to go.

Spencer

v2.23.0 | Report a Bug | By Email