Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt
Rick Macklem <rmacklem@uoguelph.ca> Tue, 23 November 2021 23:09 UTC
Return-Path: <rmacklem@uoguelph.ca>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95C043A08F4; Tue, 23 Nov 2021 15:09:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uoguelph.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i-YRSg2puMPd; Tue, 23 Nov 2021 15:09:08 -0800 (PST)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-to1can01on0610.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe5d::610]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 557023A08F2; Tue, 23 Nov 2021 15:09:07 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q2zAvNpPDy0dOxxPPLexW8ZWuGrmNFKeGaZ1mIIcdHaAS5ONev9f5QMO9y6zkGYFPGfqIlEBUlj4S3pr2BFnhKU3BexoyyKFgO1u7AbghtvQFxNNfI6YCZxAGzoNa1Hf/T5fAWSiE3lHrW7MpKZjRz6moWZBetzx20/2+axFvMGng7cAu89r6K3UY3ZsvJNtC9yYpFs8E88cptzjzqfsd59fM1TD9yQjNEMbigvxyNP7HZHI4Uof0/U5B8gkgF3gc4VcKLSmbtzt+EEaGcEgvd6xAhRWqRktAXb3VvN3/dZqkUhsKVGs8JJaAPiTfeRQUiFPRtHzyH8fBVmOxyjlPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wBFhLkIpIKDsZeAWtlzLETJHagWwaXR3NLR0lNrPr7c=; b=FrBVHLSuOFfQEJu2sx88yB+orjxO2TUeduB1BgJxq9knY0VVmgbOfp+XBmPreCVai+Ma4++PjP8ZEU4CMO+K09pzMF4TxgH3wGBjuebsR2qEYeudMf9E3rmXXFW1o6d70jdaFfAj2+6JuPCDHruDZQrwh4GpcBLslps2dAelT8d/mVBcojSEGrT/bGbuHSS1QIT/lHKhdpOUEH0nYZ6QpL8gYWeIxdN5rOxAZ+m9FKncWvUjy5545LKel0YsTQUYZEqH/z05sfSUyjjwEOaFsOS0fklyWkrMh0kY2yeDVkUDGFs1H8rFAm6xgIvjrE6p30jQDCPK0a6PcpwtgEHuKg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uoguelph.ca; dmarc=pass action=none header.from=uoguelph.ca; dkim=pass header.d=uoguelph.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uoguelph.ca; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wBFhLkIpIKDsZeAWtlzLETJHagWwaXR3NLR0lNrPr7c=; b=frv9spFa3gGmF2Dflbhn2D7kfm9/gzXjE0CJ4ZulxfwKO/quC6Upri8n6GuYlWpVKoqD8bq3UcRoFaD+x7r2jk/rIM0jgMzNGW/ZTeFbSfdELmDN/srdoP5hJ3yvJdt42IQyw9W//Xil5Fh4IB52R6X17L5lb0FUonupL1mDgI3TIG2f2GuK2uxpjr288fpCcph9XLpJ118Tw6jr/iIiYTAnALFluvgmLJOJT/O/TpUthTrT+SidUOUoa7u7Ea9JBqQqxY+MYAw0YH1T3CEe+5mmxq3y5sbb4rz4hsE2f6z9qQ+lAVyGblhNnJXHN099dbOk6o02psE+vdXr8uYH6A==
Received: from YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:19::29) by YQXPR01MB5674.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:3b::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4713.19; Tue, 23 Nov 2021 23:09:01 +0000
Received: from YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM ([fe80::e56f:b7a2:3830:5706]) by YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM ([fe80::e56f:b7a2:3830:5706%3]) with mapi id 15.20.4713.026; Tue, 23 Nov 2021 23:08:55 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: David Noveck <davenoveck@gmail.com>, NFSv4 <nfsv4@ietf.org>, nfsv4-chairs <nfsv4-chairs@ietf.org>, "nfsv4-ads@ietf.org" <nfsv4-ads@ietf.org>
Thread-Topic: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt
Thread-Index: AQHX4HHNsS/W7IErZUGK3n//QZmiW6wRvNYe
Date: Tue, 23 Nov 2021 23:08:55 +0000
Message-ID: <YQXPR0101MB0968B7B6A62F1ED4CD1EAD12DD609@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
References: <163767514326.26555.17470749244218204323@ietfa.amsl.com> <CADaq8jes2WfwbXoy7D22gRwCh9Mw-Wrkdkugc9jbp3PNjb6jYA@mail.gmail.com>
In-Reply-To: <CADaq8jes2WfwbXoy7D22gRwCh9Mw-Wrkdkugc9jbp3PNjb6jYA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 1ea9220d-7033-591a-9ffd-ec5b6cbb8517
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uoguelph.ca;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3c2a41d9-cc15-47ed-50b3-08d9aed6391f
x-ms-traffictypediagnostic: YQXPR01MB5674:
x-microsoft-antispam-prvs: <YQXPR01MB567417DB0DB5AF933B26F86EDD609@YQXPR01MB5674.CANPRD01.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: ELu7FEiSbsa4Aqhzgk01NbyyIH+0/e/tz2yADT1EaLoAzKOLn8EXKcGOSGZ/J2p+WSekfOiHN3gUhlJlMOLzHrPCUyYxPODhkmXUfeiE/wdCNt+dSRPOboHYYFK0PLGECyT9OFNJuW2MrqjelxtS4l+YU6n4pTkCUwizb8TXfYW02VdXN46A0UtwrUjYkshx6DQZSmzcped+Ol7slTR3wsDSE5ya1sD9a3sew+QlcWUN9Jn0zFCOUZtaBgpQiv2gu90QuMR4mHkiJb9HOzbPJIGQThkjC1talORWes3ZGmG0f4t8e2xrKpJZDQ7WeNxmqbimkEK7a1NXmCywJm+OWh/a6SckNrbcpi+3oz8M55pobzBO1QF0Otl48ZFCqRs+///+rSk4aqHNz4DlSeDJd25f587IdKoC00LF4TaXzm54SlZ8FivCOG2gK8x5meSFUiXi6X5mDSypqbNEiCtvcKo98fAYC2Cr+OC3LP1EpY70BahIpLTou5B2BmScg8vGXCHyMA+PQnuBtdlrhW5vLia3g+L5DYngFrMp6pCib/SKIpLRacW9cFN53tZPjDgxzWxsXOD5Cc9gS6m1TiCXA+Xz+uQW2NuVvbioa1m76SNkDvvk24yPWqG4ViT5XCLwvqDJkBChxdnYiNZmE90odaxrLtIl/cvbhnnoeddPBvitgAQFhLHEYo3LQgfc43uYLwmGLFC/be+ovHoWVojqBiJd6rnYClyNDZvrDf4niqPA+Q9fCKmq2OJaxZ7KpIlftbWaumIOFxt2i5NtPulINubiGTvzRJO1pze/voqDQFg=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(38100700002)(122000001)(26005)(15650500001)(66946007)(66556008)(9686003)(66446008)(52536014)(7696005)(8936002)(5660300002)(186003)(55016003)(6506007)(53546011)(38070700005)(2906002)(8676002)(86362001)(71200400001)(508600001)(83380400001)(110136005)(4001150100001)(76116006)(91956017)(33656002)(966005)(66476007)(64756008)(786003)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ckzOJTphiKKRnbWxmgD6YOmOm3CF7INHu5cP14mv23JguvMSMpeNs+n9YsfHt4IACiAPJHcAOxT1wVTi08W3OukjCuEtP3IY+16zPfwLwVIFfAW6PnNFBTIxeZ0SmKtSbdlVHDy1ARlI/LoP0MxPayOiiuyP4pkB/DnJKTuNuOZNt4S+Xi+fyA+dS7mFdUGVV14ZqK5RMrjDL0GmANuOJ2ybmhM5b/QbioYF8nBn/MnC5ye5PORw8RDDdJXAC0w/zlYKQGmU4APpatyA5/xI/HsqjJKVGGFWawM1Z+t+2t6xkdIRer+KYce2+BoC2yFVfFHm0Gsc1encVKFfnQSa3sS9vk526NJIxcdaeOzb+CcxaX0DkEWyx8HCaXVx3lTituKYvWfuC5sf6hP24HYs9pnsdK5V1fQRWYGKEt686NaU9b6x2OeP2xR3dShgtV5t2WvKvkm5AHWdCZZAAoH/0SF2T5p+VOSuGxz3NbPXPQxqBKb0JDYyq+mf5AdeaqwnhapVjHqXhDg7XQeGWLxMUKt8BChfdonehI8Lk0r43ISN/5wnvYfWEgTy1n4Pt5LJfmWJPnXsJ2ovxv4vQCemwhbTh7Apig0NYQoKmkPmFEyF0LPLK+Bna9JuxRcI0SPmVEiM5mHC58u7TY7TmvvIVEDZkQX/GmAVbGE7GH2vqlFCGe2eXZWQ8OQ3JVGNKCMB18YIk1Rmenju1C2kFlQ2iB1BpNsCnDUeN3D7TWeSvoCbrdnRJPtx+oBeTXYRDbYYrSMHAgbcM4lEVVLlH4A9i5Tfad6xYyZxnLcepTKmtrHNbmB1hfOhJTbWWRrdp6TiOZg3VKXydZSpP+CEBRRkGTq/v1OL8Wd3kZdUjG4dDqSym0ZgvwV+LUNirbgyFOAVbgNo2k3xj1BzeHeQ3F5BVUCa/JNPQuXyGDktavnRjVVWGeAZcTRC6F47yzdHh38ibFWHyp/wWFOM1Xvt8hvjH1XVHoZFQLggxGClRBjXnG826gsZerAqaNyrMMrwbS+4sf9XgrT0b6e0hjU9BBiULm8TXOrJgK8D40ay3EvTU4yducYtGzVDJJygkzD/6vISdCMlbEUH/33c96L0D9EkwK3T5++PGFjmQFKxb4bxAB1wu9TD+O6OWqW2zu3UO/LmvbRToWn++pUrBj9r3h3LhaoNIs8OEhXoNFWan3HtwCr2efqEUeyDTs6K80ZetVA6VyAIIWB1p+49AEuPLhI1788xRJywR56Jvj5el9hlBSEB+M4nGTLzHIKQNvuxdzmM/lvvhDAcf694QdlMwzCv4L7j1F30s70j96VGB3tkTEinXh0BLIiSPK0w6Qa04Ymj29F22yuQkyVDbkQWcr/83e86utzyvcbhxj8+v5uXg88jhoN9Thdpksz63LNsG75GYD/ofosf0ZBn7KJezmDplJIYbbLbuDlQgoqNEFYrHk8dGCFnn94DQcJOaHQ5eRiHc1wbITTRZyGOexNZuerwl/0XQ8VTWaB5HHgwojm4XbrPAum79/xUotdbu4bCLn0UWnhdOfVD9btKj9JYaQIbx4zf1+3L2cKbNnzdAO7kyr58uj5Hwhj8vdktYKbOEWer2nSE7RF5HYDz61FZ4BxqFw==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uoguelph.ca
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 3c2a41d9-cc15-47ed-50b3-08d9aed6391f
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Nov 2021 23:08:55.3654 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 5MzxlcHujOnKEkhyWJ4iOuy0v26DAdaSxXhDAlNc8NesVFHaFO/eQtD/6tTBhlAtgYjGniOa9g4eKfAFd7XOZA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YQXPR01MB5674
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/5B6CaCmEABoGSANP8HJ0OuzmBoE>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Nov 2021 23:09:14 -0000
On page 122, I'm guessing that one of these statements is meant to be for "client peer"? * XPCH_SVRAUTH restricts connections allowed to those that provide, at connection time authentication of the server peer. * XPCH_CLAUTH restricts connections allowed to those that provide, at connection time authentication of the server peer. rick, who is slowly working through the draft... ________________________________________ From: nfsv4 <nfsv4-bounces@ietf.org> on behalf of David Noveck <davenoveck@gmail.com> Sent: Tuesday, November 23, 2021 8:55 AM To: NFSv4; nfsv4-chairs; nfsv4-ads@ietf.org Subject: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca This is considerably different from -02 (1400 lines). Still, a diff between -02 and -03 is useful to see where the changes/additions are, if you read -02. ---------- Forwarded message --------- From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> Date: Tue, Nov 23, 2021 at 8:45 AM Subject: New Version Notification for draft-dnoveck-nfsv4-security-03.txt To: David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> A new version of I-D, draft-dnoveck-nfsv4-security-03.txt has been successfully submitted by David Noveck and posted to the IETF repository. Name: draft-dnoveck-nfsv4-security Revision: 03 Title: Security for the NFSv4 Protocols Document date: 2021-11-23 Group: Individual Submission Pages: 139 URL: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.txt Status: https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/ Html: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.html Htmlized: https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-security Diff: https://www.ietf.org/rfcdiff?url2=draft-dnoveck-nfsv4-security-03 Abstract: This document describes the core security features of the NFSv4 family of protocols, applying to all minor versions. The discussion includes the use of security features provided by RPC on a per- connection basis. This preliminary version of the document, is intended, in large part, to result in working group discussion regarding existing NFSv4 security issues and to provide a framework for addressing these issues and obtaining working group consensus regarding necessary changes. When a successor document is eventually published as an RFC, it will supersede the description of security appearing in existing minor version specification documents such as RFC 7530 and RFC 8881. The IETF Secretariat
- [nfsv4] Fwd: New Version Notification for draft-d… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… J. Bruce Fields
- Re: [nfsv4] New Version Notification for draft-dn… Trond Myklebust
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem