Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt

Rick Macklem <rmacklem@uoguelph.ca> Tue, 23 November 2021 23:09 UTC

From: Rick Macklem <rmacklem@uoguelph.ca>
To: David Noveck <davenoveck@gmail.com>, NFSv4 <nfsv4@ietf.org>, nfsv4-chairs <nfsv4-chairs@ietf.org>, "nfsv4-ads@ietf.org" <nfsv4-ads@ietf.org>
Date: Tue, 23 Nov 2021 23:08:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/5B6CaCmEABoGSANP8HJ0OuzmBoE>

On page 122, I'm guessing that one of these statements
is meant to be for "client peer"?

   *  XPCH_SVRAUTH restricts connections allowed to those that provide,
      at connection time authentication of the server peer.

   *  XPCH_CLAUTH restricts connections allowed to those that provide,
      at connection time authentication of the server peer.

rick, who is slowly working through the draft...

________________________________________
From: nfsv4 <nfsv4-bounces@ietf.org> on behalf of David Noveck <davenoveck@gmail.com>
Sent: Tuesday, November 23, 2021 8:55 AM
To: NFSv4; nfsv4-chairs; nfsv4-ads@ietf.org
Subject: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt


This is considerably different from -02 (1400 lines).  Still, a diff between -02 and -03 is useful to see where the changes/additions are, if you read -02.

---------- Forwarded message ---------
From: <internet-drafts@ietf.org>
Date: Tue, Nov 23, 2021 at 8:45 AM
Subject: New Version Notification for draft-dnoveck-nfsv4-security-03.txt
To: David Noveck <davenoveck@gmail.com>



A new version of I-D, draft-dnoveck-nfsv4-security-03.txt
has been successfully submitted by David Noveck and posted to the
IETF repository.

Name:           draft-dnoveck-nfsv4-security
Revision:       03
Title:          Security for the NFSv4 Protocols
Document date:  2021-11-23
Group:          Individual Submission
Pages:          139
URL:            https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.txt
Status:         https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/
Html:           https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.html
Htmlized:       https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-security
Diff:           https://www.ietf.org/rfcdiff?url2=draft-dnoveck-nfsv4-security-03

Abstract:
   This document describes the core security features of the NFSv4
   family of protocols, applying to all minor versions.  The discussion
   includes the use of security features provided by RPC on a per-
   connection basis.

   This preliminary version of the document, is intended, in large part,
   to result in working group discussion regarding existing NFSv4
   security issues and to provide a framework for addressing these
   issues and obtaining working group consensus regarding necessary
   changes.

   When a successor document is eventually published as an RFC, it will
   supersede the description of security appearing in existing minor
   version specification documents such as RFC 7530 and RFC 8881.




The IETF Secretariat