Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt
Chuck Lever <chuck.lever@oracle.com> Thu, 27 September 2018 15:24 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B8B2127148 for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.756
X-Spam-Level:
X-Spam-Status: No, score=-4.756 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i6q_KmMqLmDl for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:24:14 -0700 (PDT)
Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B0812F1A5 for <nfsv4@ietf.org>; Thu, 27 Sep 2018 08:24:14 -0700 (PDT)
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w8RFO1JC042868; Thu, 27 Sep 2018 15:24:11 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2018-07-02; bh=+RJe5ToJ+9N7iOmaG6wq+qISHJo5WWK70I2X8Ul+Tmc=; b=5lL2AnVf0m4lgcbRvYSNsbQ5UiILyjg2yQWVOsooZEL3J9dRlRq5MyMSDn5nNc+q+tbU OSO0NKr6iDwm1XNUgA0lfN8LGfBThX2QtZSIwBlwM/fBg7VicY0iM2SGPJeQx8H+dLJW e1iI+dJy2AA7Nd1coks5rLC05uwMNTLowPqKZNo8IKndtB0KoXHQgASJo/mEt7ffImeu IamgjugUbYSiggwNf2Ilh8USaJ5+QwvsFYts/8k2ecCGabctoRoCAi+n4qQFeoCG3UVH eGpapbOwRRy6Zq5/ZEMF63I5PzLVnif3SslMWLYws1uWJWRRU+G17F/Rxwg3FnuZdzu9 UQ==
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp2130.oracle.com with ESMTP id 2mnd5ttwah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:24:11 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w8RFOBnn018197 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:24:11 GMT
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w8RFOA3q006160; Thu, 27 Sep 2018 15:24:10 GMT
Received: from [10.71.9.255] (/8.25.222.2) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 27 Sep 2018 08:24:10 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CADaq8jdRU1OJd6K4KOJWb6xE7OMakOAcbvsm0=eRwUPkkqeN0Q@mail.gmail.com>
Date: Thu, 27 Sep 2018 08:24:08 -0700
Cc: Bruce Fields <bfields@fieldses.org>, NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0A5E98C3-1AD9-4F84-A061-C4862D6FB3BE@oracle.com>
References: <153780090601.28221.16958675117475194416@ietfa.amsl.com> <CADE569F-8584-42CF-A297-E60956D368A2@oracle.com> <CAKKJt-fmB5psmtbm9PJTnhkZkZLCBnCVZnr3fMsf++exN5XObQ@mail.gmail.com> <20180926202157.GA826@fieldses.org> <1F2E60B5-E09F-4B33-8301-99C5E5A0F310@oracle.com> <CADaq8jdRU1OJd6K4KOJWb6xE7OMakOAcbvsm0=eRwUPkkqeN0Q@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9028 signatures=668707
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809270146
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/6xwtMXB3k8x8h88U3-HWs502hwo>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 15:24:17 -0000
> On Sep 27, 2018, at 2:55 AM, David Noveck <davenoveck@gmail.com> wrote: > > > Why would it not be sufficient to implement client support? > > I think it is sufficient. > > > Or, what do you believe might be missing in the draft? > > Not sure what Bruce had in mind but I think the problem is something that is in the draft that shouldn't be, rather than something missing. > > >> How do you propose that an implementation would make the information > >> self-describing? > > > That is out of scope for this draft. > > If so, then so is "MUST (emphasis added) be self-describing". I don't agree. MUST means that we are stating a requirement for correct interoperability. A self-describing FPI payload is a requirement for interoperation. Implementers, as always, are free to ignore this requirement. > > But typically if an integrity service wanted to do this > > If it were really a "MUST", then what an integrity service wants to do should be irrelevant. I'm open to suggested replacement texts. > On Wed, Sep 26, 2018 at 4:27 PM Chuck Lever <chuck.lever@oracle.com> wrote: > > > > On Sep 26, 2018, at 1:21 PM, bfields@fieldses.org wrote: > > > > On Mon, Sep 24, 2018 at 10:45:29AM -0500, Spencer Dawkins at IETF wrote: > >> Hi, Chuck, > >> On Mon, Sep 24, 2018 at 10:06 AM Chuck Lever <chuck.lever@oracle.com> wrote: > >> > >>> > >>> > >>>> On Sep 24, 2018, at 7:55 AM, internet-drafts@ietf.org wrote: > >>>> > >>>> > >>>> A New Internet-Draft is available from the on-line Internet-Drafts > >>> directories. > >>>> This draft is a work item of the Network File System Version 4 WG of the > >>> IETF. > >>>> > >>>> Title : File Content Provenance for Network File System > >>> version 4 > >>>> Author : Charles Lever > >>>> Filename : draft-ietf-nfsv4-integrity-measurement-01.txt > >>>> Pages : 9 > >>>> Date : 2018-09-24 > >>>> > >>>> Abstract: > >>>> This document specifies an OPTIONAL extension to NFS version 4 minor > >>>> version 2 that enables file provenance information to be conveyed > >>>> between NFS version 4.2 servers and clients. File provenance > >>>> information authenticates the creator of a file's content and helps > >>>> guarantee the content's integrity from creation to use. > >>>> > >>>> > >>>> The IETF datatracker status page for this draft is: > >>>> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/ > >>>> > >>>> There are also htmlized versions available at: > >>>> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-01 > >>>> > >>> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-01 > >>>> > >>>> A diff from the previous version is available at: > >>>> > >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-01 > >>>> > >>>> > >>>> Please note that it may take a couple of minutes from the time of > >>> submission > >>>> until the htmlized version and diff are available at tools.ietf.org. > >>>> > >>>> Internet-Drafts are also available by anonymous FTP at: > >>>> ftp://ftp.ietf.org/internet-drafts/ > >>> > >>> As a result of the discussion at IETF 102 and recent follow-ups > >>> on this mailing list, I've made substantial changes to this > >>> document. > >>> > >>> - References to and discussion of Linux IMA have been replaced > >>> throughout the document, with the exception of a single citation > >>> as an informative example in the Introduction. IMA metadata is > >>> now referred to generically using the term "file provenance > >>> information". > >>> > >>> - Integrity checking of file attributes is no longer an included > >>> feature. There were some issues that made attribute integrity > >>> not straightforward for NFS, especially without an existing > >>> IMA/EVM standard even for local file systems. Attribute > >>> integrity can still be addressed at a later time. > >>> > >>> - The Introduction now makes a problem statement and discusses > >>> use cases instead of explaining the mechanism of file integrity > >>> checking. The new Introduction addresses the most common > >>> questions I've received during previous review. > >>> > >>> Spencer D. and other reviewers: > >>> - Have previously stated interoperability concerns been addressed? > >>> - Have normative citation requirements been sufficiently met? > >>> > >> > >> Recognizing that I haven't done an AD Evaluation of this draft, but looking > >> at the responses to my previous questions, I think dropping down to one > >> explicit mention of IMA pointing to the best available reference is about > >> right. > > > > "A keyed hash authenticates the identity of the last modifier of > > a file's content and serves as a strong check of the content's > > integrity. For the purposes of this document, we will refer to > > this as file provenance information. The Linux Integrity > > Measurement Architecture (IMA) is an example of a mechanism for > > assessing file content provenance [IMA-WP]." > > > > I think it's also true that this draft is sufficient to allow a client > > to support IMA? That also seems worth mentioning. > > I'm confused by your remark. I'm describing a transport > protocol between a NFS client and server. Why would it > not be sufficient to implement client support? Or, what > do you believe might be missing in the draft? > > > > "To ensure interoperability among accessors of this information > > when it is stored on NFS version 4.2 servers, this information > > MUST be self- describing." > > > > How do you propose that an implementation would make the information > > self-describing? > > That is out of scope for this draft. > > But typically if an integrity service wanted to do this, it > could use XML or JSON to describe the information, for example. > > An HMAC has a particular structure (RFC 2104) that should be > easy to recognize. > > > > --b. > > > >> > >> Thanks for making that change. It will be helpful during Last Call and IESG > >> Evaluation. > >> > >> Spencer (D) > >> > >> > >>> > >>> I know time is precious, but even a cursory review of this new > >>> revision would be helpful. It's wafer-thin! > >>> > >>> -- > >>> Chuck Lever > >>> > >>> > >>> > >>> > > > >> _______________________________________________ > >> nfsv4 mailing list > >> nfsv4@ietf.org > >> https://www.ietf.org/mailman/listinfo/nfsv4 > > -- > Chuck Lever > > > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 -- Chuck Lever
- [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-me… internet-drafts
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Spencer Dawkins at IETF
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… J. Bruce Fields
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Bruce Fields
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… David Noveck
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Bruce Fields
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Bruce Fields
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Quigley, David
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever