IETF Logo Mail Archive

Re: [nfsv4] Security document - sense of the working group

David Noveck <davenoveck@gmail.com> Tue, 30 January 2024 20:03 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25C8FC151061 for <nfsv4@ietfa.amsl.com>; Tue, 30 Jan 2024 12:03:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H-Ww-IloCJnu for <nfsv4@ietfa.amsl.com>; Tue, 30 Jan 2024 12:03:43 -0800 (PST)
Received: from mail-qv1-xf34.google.com (mail-qv1-xf34.google.com [IPv6:2607:f8b0:4864:20::f34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A142C1CAF85 for <nfsv4@ietf.org>; Tue, 30 Jan 2024 12:02:31 -0800 (PST)
Received: by mail-qv1-xf34.google.com with SMTP id 6a1803df08f44-6869e87c8d8so24366456d6.2 for <nfsv4@ietf.org>; Tue, 30 Jan 2024 12:02:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706644950; x=1707249750; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=cL6Xb1NXZ0OXSEgDnTe85EGv2rK34iSPRXyvMJVRBBk=; b=DfGbPuUdfQDx9Yp0FjsKh9y/2jb/ao+3zrTqTXUmjwMBiwsD5X/eKp7ty88vA6c28Z wCL5SQKIS57g02ESmgwc+NaUN8dYHihK/vRAMbGULtpP2QBwDCoYQS0v1IBu+ICaBj9G n4wEAoQT8Z2z3/dDFpTE9ZVKrAwo14+ZSJXmbncEZ3No04PkiGslzucuhcRzW1x+FHkU aiGWZiP00a8YppaxQyoO5FFe99K+JOUbPPfQQWGrrycOu0/GiqZudRrI5GBsxvi6o9+S Dt6b0EFcm7TZceB0gov0qWuf+Oyt0YQcXRYGlRGZ7vIn+wsvZbWwaTbBqEwhAkX9h7BT srnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706644950; x=1707249750; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=cL6Xb1NXZ0OXSEgDnTe85EGv2rK34iSPRXyvMJVRBBk=; b=aHLA5hEICFcEnzgmOWIDUsvinLtYTjMBg/ZI/Ftt0D2Qitgj25zinEVWw+vbq2RX3R KoZxH3UqZEGceTLeHEy6eZz9XenSkz/MxEnLElxqAPfwluHnYLyYDny/jAF6lPzwz/Js UHLoCkDiKw0y34mprv5GWmzqmC3LiT9D5ihZ4MUcTc7aw/2Z0NoMkZ3sFYN8rZVmVFW3 ZYpBGrObII9SRFCX4oGPhOnuMD6Xji6vQUnoLGoiGisvxAvlzTScJOQsicOP6teqdOyn mwGwXC9Tg+OqzvE2bklmWznnvbXOUyRiSHs1k6DZaf9Hy5yzaKLliUVCexHdXD39wQYp VZVQ==
X-Gm-Message-State: AOJu0YyLrihCBA5QmqKeeoWiGF01hrr/z3LXSmFKv1nmfGRNGq9ogDiN Q2N/ect77QbQ3YdukZl0BIaJjNQ+quf7lYoCsYCclMtFAEN8k8w/+TntD8Aoy1CHwy4gaqskC0Z RGw6yRTKvVFAaQdrlAV14K0/+3P4=
X-Google-Smtp-Source: AGHT+IEX16Z/SSZaehUZR1Q4SxDEogWRpVKShsc/iI0s+EcvI0ajaT8k2Q7f1p5IGK3kkKQO5Jpw7Pdhc1MXu0/Bb0s=
X-Received: by 2002:ad4:5aa2:0:b0:685:7c23:1e0f with SMTP id u2-20020ad45aa2000000b006857c231e0fmr11422132qvg.10.1706644950368; Tue, 30 Jan 2024 12:02:30 -0800 (PST)
MIME-Version: 1.0
References: <7CFC98DA-BFC3-462D-861E-009BCE960F1C@cert.org> <CA49B26F-0F81-4290-8EEF-7FDE5B250CA1@gmail.com>
In-Reply-To: <CA49B26F-0F81-4290-8EEF-7FDE5B250CA1@gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Tue, 30 Jan 2024 15:02:17 -0500
Message-ID: <CADaq8jcqe1yMQTjVzECvFfjSFdjMGpDH6UxkyYH_e31w++K9rA@mail.gmail.com>
To: Thomas Haynes <loghyr@gmail.com>
Cc: Chris Inacio <inacio@cert.org>, NFSv4 <nfsv4@ietf.org>, "Erasani, Pranoop" <Pranoop.Erasani@netapp.com>
Content-Type: multipart/alternative; boundary="0000000000000645ed06102f3ea3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/4iMxBHonmhggvztau8_PM9IkHyw>
Subject: Re: [nfsv4] Security document - sense of the working group
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jan 2024 20:03:44 -0000

On Tue, Jan 30, 2024 at 12:43 PM Thomas Haynes <loghyr@gmail.com> wrote:

>
>
> On Jan 30, 2024, at 8:22 AM, Chris Inacio <inacio@cert.org> wrote:
>
> All,
>
> The chairs would like a sense of the working group with regards to the
> draft-dnoveck-nfsv4-security-07 (
> https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/) and
> adoption.  Please let us know if you think the working group collectively
> agrees to the body of work proposed in the draft.
>
> The sense of the chairs is that the working group does not have consensus
> on the scope or set of items presented in the current individual draft.  If
> that is the case, we would like to know what topics/items in the draft that
> you do support and which ones you do not believe are ready or that the WG
> will not be able to reach consensus on.  If there are steps that you think
> the working group should take towards clarity on any of those topics, the
> chairs are interested in hearing those too.
>
> Thanks,
> NFSv4 Chairs
>
> ----
> Chris Inacio
> inacio@cert.org
>
>
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>
>
>
> For me, the largest issue is whether vendors are required to revamp their
> implementations
>

They are not required to do so.   If you feel I am wrong, please cite a
specific instance where the existing -07 would require an existing
implementation to be revamped.


> when we effectively rewrite NFSv4.0, NFSv4.1, and NFSv4.2.
>

That is not what the document does.  If it did, the job would be easier.
 For example, we need information on existing ACL implementations to avoid
mandating incompatible changes but that work has started and willl need to
be completed once the document adoption is completed.

>
> I would propose that instead of the security changes being “backported” to
> the earlier versions,
>

What changes are you speaking of?  Please be specific.


> we make the security document apply to all future releases.
>

This leaves the problem of what to say about security in the needed
rfc5661bis.   I don't see how we can do a bis that either ignores
security entirely  or continues to ignore the security issues with using
AUTH_SYS in the clear.


> Perhaps to differentiate, we make it NFSv5. I.e., NFSv5 is secure NFS.
>

Aside from the charter issue nightmaare this would create,, making this an
entirely new protocol,, would open things up tp major XDR changes which
would be a consequence of a major version change.   We don't need to do
that and I don't thing the wg s prepared to do that..

We screwed some things up in this area  and need to fix our mistakes but an
approach which relies on an entirely new protocol,  would inevitably brand
NFSv4 as a complete failure.  I don't think we need to do that.

> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>

v2.23.0 | Report a Bug | By Email