IETF Logo Mail Archive

Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-04.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Wed, 27 March 2019 15:58 UTC

Return-Path: <Craig.Everhart@netapp.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DFB51202EC for <nfsv4@ietfa.amsl.com>; Wed, 27 Mar 2019 08:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netapp.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H53WYTj5WI9R for <nfsv4@ietfa.amsl.com>; Wed, 27 Mar 2019 08:58:45 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-eopbgr770080.outbound.protection.outlook.com [40.107.77.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13CF01202D1 for <nfsv4@ietf.org>; Wed, 27 Mar 2019 08:58:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netapp.onmicrosoft.com; s=selector1-netapp-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zA4BcyiHNwlDrbXMBDHAC8u/R7ibsQbKPv/GhqEqgSU=; b=IkS5h2Kcz+Kq4hxdpHxsDpfHGveeIGC5N1Zk6MKUpqeSoEK/Bl2ATY0mayU/8XcQjpIG6vVHBtZ8TMpFVIvpd646/LacnM8oIwxstAEi3MjE9RBAbpD7KLimUE/jk/gfoCl3dWROJw3qm1zwKyCKTi8HJZvS8YZnX5ix3ZZHCdk=
Received: from BN6PR06MB3089.namprd06.prod.outlook.com (10.174.95.163) by BN6PR06MB2660.namprd06.prod.outlook.com (10.173.143.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1730.18; Wed, 27 Mar 2019 15:58:42 +0000
Received: from BN6PR06MB3089.namprd06.prod.outlook.com ([fe80::614d:5426:9ae9:a9ae]) by BN6PR06MB3089.namprd06.prod.outlook.com ([fe80::614d:5426:9ae9:a9ae%3]) with mapi id 15.20.1750.014; Wed, 27 Mar 2019 15:58:42 +0000
From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: Chuck Lever <chuck.lever@oracle.com>
CC: NFSv4 <nfsv4@ietf.org>
Thread-Topic: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-04.txt
Thread-Index: AQHU5KnYPSj1G3WIXECJR2FaUHHrcKYfjJSA///I9YCAAEpzgP//v4eA
Date: Wed, 27 Mar 2019 15:58:42 +0000
Message-ID: <078FEDA0-589E-498B-BB92-82AB38524378@netapp.com>
References: <155369706351.10340.6533824804685956005@ietfa.amsl.com> <D8F72FA0-A29B-49A8-B21D-7D696D0A35FD@oracle.com> <FABC29C7-7632-4489-968D-C2D2776D5861@netapp.com> <DFC8BF18-DF6B-4FB3-95C6-7F95AFDE3E34@oracle.com>
In-Reply-To: <DFC8BF18-DF6B-4FB3-95C6-7F95AFDE3E34@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.16.1.190220
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Craig.Everhart@netapp.com;
x-originating-ip: [216.240.30.4]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e17c3d77-513d-4e58-32f2-08d6b2cd160a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600127)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:BN6PR06MB2660;
x-ms-traffictypediagnostic: BN6PR06MB2660:
x-ms-exchange-purlcount: 5
x-microsoft-antispam-prvs: <BN6PR06MB26601D8CC7CC2C39835C8F98F0580@BN6PR06MB2660.namprd06.prod.outlook.com>
x-forefront-prvs: 0989A7979C
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(366004)(396003)(39860400002)(376002)(346002)(189003)(199004)(6512007)(72206003)(8676002)(68736007)(58126008)(229853002)(6246003)(6506007)(102836004)(478600001)(7736002)(26005)(76176011)(105586002)(53546011)(82746002)(6436002)(81166006)(305945005)(6486002)(106356001)(186003)(6306002)(53936002)(6116002)(66066001)(3846002)(561944003)(71190400001)(83716004)(93886005)(2906002)(66574012)(316002)(86362001)(256004)(36756003)(81156014)(8936002)(33656002)(97736004)(14444005)(2616005)(446003)(5660300002)(11346002)(4326008)(476003)(25786009)(486006)(6916009)(99286004)(966005)(14454004)(71200400001)(5024004); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR06MB2660; H:BN6PR06MB3089.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: netapp.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: KEapS2nTmT3B7d7bXv8UHHajBQ1kZsdiy5CEZt+ljtqojtTh0Vkj72EqsC9/0h7bWkb47liv0W7M9yvrtME7Dc+6NDKWXHmda0W9AlqfL2Gimhs01rtfKg4Av8uEFe7CGPuSeiTHes/20UU+DaIdkHuXETUOn1jZKmdhVthLERQG8tSaJluScun9GS98Wf4yd6wvCj18tc4zxipNsTLBgx00iiBbsCKXFOkUA7Kh+500qxKoJyLhA68DZmP3bwI25LT6lhzgZBx0rbT5ay5Y6MaeRQDecVhQv19Qp5mCV8gKHPQgDgnu882jYkBEZ5BrrqjL3klMqZOs/OkKD5bl3kajfWSjAYlkfinFHtiPePm4xOevO0yGQGH4Gy94F8rpCvjFwhMPRxtBb49/2KbGRwmNP1D5rSmLlxDNJQdk4gE=
Content-Type: text/plain; charset="utf-8"
Content-ID: <00045CB2310EC44DB4FE7404F2000587@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: netapp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e17c3d77-513d-4e58-32f2-08d6b2cd160a
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Mar 2019 15:58:42.5569 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4b0911a0-929b-4715-944b-c03745165b3a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2660
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/4oVaiAhDLHv-k44kfE9ROnKlusI>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-04.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 15:58:48 -0000

Please leave my employer out of this.  They don't speak for me, and I don't speak for them.

Solely as an individual, I really want to know the answers to whether this proposal makes sense for the broadest interconnected NFS community; ideally the answers would be in this document and not in cited material.  Last I looked at the documents, if I recall correctly, they referred to an authority on a single machine, and not an authority that was expected to serve a broader community, let alone a collection of machines larger than a classic workgroup.  The discussion of "identity" is along the same lines: a 32-bit userid is no longer an identifier for a principal.  NFS4 generally realizes this, but there is no indication that the IMA world does.

		Craig Everhart


On 3/27/19, 11:49 AM, "Chuck Lever" <chuck.lever@oracle.com> wrote:

    NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
    
    
    
    
    > On Mar 27, 2019, at 11:23 AM, Everhart, Craig <Craig.Everhart@netapp.com> wrote:
    >
    > This version of the draft is at least more honest that it is simply an NFSv4 wrapper around one platform's implementation.  I admire the intellectual honesty.
    >
    > At the same time, a large amount is left unspecified:
    >       - how keyed hashes are applied or interpreted
    >       - what agents create or interpret "IMA metadata"
    >       - format and semantics for "IMA metadata"
    >
    > Because of this and other issues, the reader of this draft has no idea whether "IMA metadata" is portable from one Linux machine to another, or perhaps portable within some unspecified community boundary, or how to participate in this standard other than simply standing aside and hoping that Linux implementations do what one wishes that they would do.  For example, what is "the identity of the last modifier of a file's content"--is that an attribute that has meaning beyond a single machine's boundary?  How would one tell?  Even if assertions were made about it in prose, how would one tell in practice?  Does it even have meaning to carry one machine's "IMA metadata" to another participating machine?
    >
    > This is a set of semantic questions beyond the "IMA metadata format" question that is alluded to in the prose.
    >
    > I do not understand how the proposed extension is useful, and what use this OPTIONAL facility would have beyond a private community.
    
    I don't find your criticism to be fair. The Security Labels implementation
    added in NFSv4.2 takes the same approach, as does the proposed extension
    to support Linux extended attributes. I haven't heard any similar
    objection ("beyond a private community") to either precedent. OPTIONAL
    means you don't have to implement it if you don't agree with it.
    
    The document has unambiguous citations of material that explains how IMA
    works. Indeed, if you have questions beyond that, the implementation
    of IMA in Linux is open source, and there is an open mailing list where
    questions can be answered: linux-integrity@vger.kernel.org. I can't
    force you to read the cited material, but I also can't answer your
    questions any more clearly than that material already does.
    
    What's more, as your employer makes only NFS servers, and the responsibility
    of an NFS server is simply to store IMA metadata just as it stores file
    content and file names without interpretation, I haven't a clue what
    possible issue you could have with the current revision of this document
    and why you refuse to look at the references to further your understanding.
    
    Therefore I question whether you are truly interested in improving this
    proposal. Perhaps your only interest is in vetoing it? If it isn't, please
    make specific suggestions as to how I can resolve your concerns.
    
    
    >               Craig Everhart
    >
    >
    > On 3/27/19, 10:40 AM, "nfsv4 on behalf of Chuck Lever" <nfsv4-bounces@ietf.org on behalf of chuck.lever@oracle.com> wrote:
    >
    >    NetApp Security WARNING: This is an external email. Do not click links or open attachments unless you recognize the sender and know the content is safe.
    >
    >
    >
    >
    >> On Mar 27, 2019, at 10:31 AM, internet-drafts@ietf.org wrote:
    >>
    >>
    >> A New Internet-Draft is available from the on-line Internet-Drafts directories.
    >> This draft is a work item of the Network File System Version 4 WG of the IETF.
    >>
    >>       Title           : Integrity Measurement for Network File System version 4
    >>       Author          : Charles Lever
    >>      Filename        : draft-ietf-nfsv4-integrity-measurement-04.txt
    >>      Pages           : 13
    >>      Date            : 2019-03-27
    >>
    >> Abstract:
    >>  This document specifies an OPTIONAL extension to NFS version 4 minor
    >>  version 2 that enables Linux Integrity Measurement Architecture
    >>  metadata (IMA) to be conveyed between NFS version 4.2 servers and
    >>  clients.  Integrity measurement authenticates the creator of a file's
    >>  content and helps guarantee the content's integrity end-to-end from
    >>  creation to use.
    >>
    >>
    >> The IETF datatracker status page for this draft is:
    >> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
    >>
    >> There are also htmlized versions available at:
    >> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-04
    >> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-04
    >>
    >> A diff from the previous version is available at:
    >> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-04
    >>
    >>
    >> Please note that it may take a couple of minutes from the time of submission
    >> until the htmlized version and diff are available at tools.ietf.org.
    >>
    >> Internet-Drafts are also available by anonymous FTP at:
    >> ftp://ftp.ietf.org/internet-drafts/
    >
    >    I recently created a prototype implementation in the Linux NFS
    >    server and client which can be found in the nfs-ima-prototype
    >    topic branch of
    >
    >    git://git.linux-nfs.org/projects/cel/cel-2.6.git
    >
    >
    >    Commenters seem to prefer a "Linux IMA" specific implementation
    >    over a generic file provenance implementation. Thus the prototype
    >    I created is specific to Linux IMA. The draft has been updated to
    >    reflect what the prototype implements.
    >
    >    All references to "file provenance" have been replaced with the
    >    original text that referred specifically to Linux IMA. The request
    >    to create a file provenance registry has been removed. The XDR
    >    definition has been updated likewise.
    >
    >    I've added an "Implementation Status" section that documents the
    >    existence of the Linux prototype.
    >
    >
    >    --
    >    Chuck Lever
    >
    >
    >
    >    _______________________________________________
    >    nfsv4 mailing list
    >    nfsv4@ietf.org
    >    https://www.ietf.org/mailman/listinfo/nfsv4
    >
    >
    
    --
    Chuck Lever

v2.23.0 | Report a Bug | By Email