IETF Logo Mail Archive

Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt

Chuck Lever <chuck.lever@oracle.com> Thu, 27 September 2018 15:24 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B8B2127148 for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.756
X-Spam-Level:
X-Spam-Status: No, score=-4.756 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i6q_KmMqLmDl for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:24:14 -0700 (PDT)
Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6B0812F1A5 for <nfsv4@ietf.org>; Thu, 27 Sep 2018 08:24:14 -0700 (PDT)
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w8RFO1JC042868; Thu, 27 Sep 2018 15:24:11 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2018-07-02; bh=+RJe5ToJ+9N7iOmaG6wq+qISHJo5WWK70I2X8Ul+Tmc=; b=5lL2AnVf0m4lgcbRvYSNsbQ5UiILyjg2yQWVOsooZEL3J9dRlRq5MyMSDn5nNc+q+tbU OSO0NKr6iDwm1XNUgA0lfN8LGfBThX2QtZSIwBlwM/fBg7VicY0iM2SGPJeQx8H+dLJW e1iI+dJy2AA7Nd1coks5rLC05uwMNTLowPqKZNo8IKndtB0KoXHQgASJo/mEt7ffImeu IamgjugUbYSiggwNf2Ilh8USaJ5+QwvsFYts/8k2ecCGabctoRoCAi+n4qQFeoCG3UVH eGpapbOwRRy6Zq5/ZEMF63I5PzLVnif3SslMWLYws1uWJWRRU+G17F/Rxwg3FnuZdzu9 UQ==
Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by userp2130.oracle.com with ESMTP id 2mnd5ttwah-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:24:11 +0000
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w8RFOBnn018197 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:24:11 GMT
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w8RFOA3q006160; Thu, 27 Sep 2018 15:24:10 GMT
Received: from [10.71.9.255] (/8.25.222.2) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 27 Sep 2018 08:24:10 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CADaq8jdRU1OJd6K4KOJWb6xE7OMakOAcbvsm0=eRwUPkkqeN0Q@mail.gmail.com>
Date: Thu, 27 Sep 2018 08:24:08 -0700
Cc: Bruce Fields <bfields@fieldses.org>, NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0A5E98C3-1AD9-4F84-A061-C4862D6FB3BE@oracle.com>
References: <153780090601.28221.16958675117475194416@ietfa.amsl.com> <CADE569F-8584-42CF-A297-E60956D368A2@oracle.com> <CAKKJt-fmB5psmtbm9PJTnhkZkZLCBnCVZnr3fMsf++exN5XObQ@mail.gmail.com> <20180926202157.GA826@fieldses.org> <1F2E60B5-E09F-4B33-8301-99C5E5A0F310@oracle.com> <CADaq8jdRU1OJd6K4KOJWb6xE7OMakOAcbvsm0=eRwUPkkqeN0Q@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
X-Mailer: Apple Mail (2.3445.9.1)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9028 signatures=668707
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809270146
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/6xwtMXB3k8x8h88U3-HWs502hwo>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 15:24:17 -0000


> On Sep 27, 2018, at 2:55 AM, David Noveck <davenoveck@gmail.com> wrote:
> 
> > Why would it not be sufficient to implement client support? 
> 
> I think it is sufficient.
> 
> > Or, what do you believe might be missing in the draft?  
> 
> Not sure what Bruce had in mind but I think the problem is something that is in the draft that shouldn't be, rather than something missing.
> 
> >> How do you propose that an implementation would make the information
> >> self-describing?
> 
> > That is out of scope for this draft.  
> 
> If so, then so is "MUST (emphasis added) be self-describing".

I don't agree.

MUST means that we are stating a requirement for correct
interoperability. A self-describing FPI payload is a requirement
for interoperation. Implementers, as always, are free to ignore
this requirement.


> > But typically if an integrity service wanted to do this
> 
> If it were really a "MUST", then what an integrity service wants to do should be irrelevant.

I'm open to suggested replacement texts.


> On Wed, Sep 26, 2018 at 4:27 PM Chuck Lever <chuck.lever@oracle.com> wrote:
> 
> 
> > On Sep 26, 2018, at 1:21 PM, bfields@fieldses.org wrote:
> > 
> > On Mon, Sep 24, 2018 at 10:45:29AM -0500, Spencer Dawkins at IETF wrote:
> >> Hi, Chuck,
> >> On Mon, Sep 24, 2018 at 10:06 AM Chuck Lever <chuck.lever@oracle.com> wrote:
> >> 
> >>> 
> >>> 
> >>>> On Sep 24, 2018, at 7:55 AM, internet-drafts@ietf.org wrote:
> >>>> 
> >>>> 
> >>>> A New Internet-Draft is available from the on-line Internet-Drafts
> >>> directories.
> >>>> This draft is a work item of the Network File System Version 4 WG of the
> >>> IETF.
> >>>> 
> >>>>       Title           : File Content Provenance for Network File System
> >>> version 4
> >>>>       Author          : Charles Lever
> >>>>      Filename        : draft-ietf-nfsv4-integrity-measurement-01.txt
> >>>>      Pages           : 9
> >>>>      Date            : 2018-09-24
> >>>> 
> >>>> Abstract:
> >>>>  This document specifies an OPTIONAL extension to NFS version 4 minor
> >>>>  version 2 that enables file provenance information to be conveyed
> >>>>  between NFS version 4.2 servers and clients.  File provenance
> >>>>  information authenticates the creator of a file's content and helps
> >>>>  guarantee the content's integrity from creation to use.
> >>>> 
> >>>> 
> >>>> The IETF datatracker status page for this draft is:
> >>>> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
> >>>> 
> >>>> There are also htmlized versions available at:
> >>>> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-01
> >>>> 
> >>> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-01
> >>>> 
> >>>> A diff from the previous version is available at:
> >>>> 
> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-01
> >>>> 
> >>>> 
> >>>> Please note that it may take a couple of minutes from the time of
> >>> submission
> >>>> until the htmlized version and diff are available at tools.ietf.org.
> >>>> 
> >>>> Internet-Drafts are also available by anonymous FTP at:
> >>>> ftp://ftp.ietf.org/internet-drafts/
> >>> 
> >>> As a result of the discussion at IETF 102 and recent follow-ups
> >>> on this mailing list, I've made substantial changes to this
> >>> document.
> >>> 
> >>> - References to and discussion of Linux IMA have been replaced
> >>> throughout the document, with the exception of a single citation
> >>> as an informative example in the Introduction. IMA metadata is
> >>> now referred to generically using the term "file provenance
> >>> information".
> >>> 
> >>> - Integrity checking of file attributes is no longer an included
> >>> feature. There were some issues that made attribute integrity
> >>> not straightforward for NFS, especially without an existing
> >>> IMA/EVM standard even for local file systems. Attribute
> >>> integrity can still be addressed at a later time.
> >>> 
> >>> - The Introduction now makes a problem statement and discusses
> >>> use cases instead of explaining the mechanism of file integrity
> >>> checking. The new Introduction addresses the most common
> >>> questions I've received during previous review.
> >>> 
> >>> Spencer D. and other reviewers:
> >>> - Have previously stated interoperability concerns been addressed?
> >>> - Have normative citation requirements been sufficiently met?
> >>> 
> >> 
> >> Recognizing that I haven't done an AD Evaluation of this draft, but looking
> >> at the responses to my previous questions, I think dropping down to one
> >> explicit mention of IMA pointing to the best available reference is about
> >> right.
> > 
> >       "A keyed hash authenticates the identity of the last modifier of
> >       a file's content and serves as a strong check of the content's
> >       integrity.  For the purposes of this document, we will refer to
> >       this as file provenance information.  The Linux Integrity
> >       Measurement Architecture (IMA) is an example of a mechanism for
> >       assessing file content provenance [IMA-WP]."
> > 
> > I think it's also true that this draft is sufficient to allow a client
> > to support IMA?  That also seems worth mentioning.
> 
> I'm confused by your remark. I'm describing a transport
> protocol between a NFS client and server. Why would it
> not be sufficient to implement client support? Or, what
> do you believe might be missing in the draft?
> 
> 
> >       "To ensure interoperability among accessors of this information
> >       when it is stored on NFS version 4.2 servers, this information
> >       MUST be self- describing."
> > 
> > How do you propose that an implementation would make the information
> > self-describing?
> 
> That is out of scope for this draft.
> 
> But typically if an integrity service wanted to do this, it
> could use XML or JSON to describe the information, for example.
> 
> An HMAC has a particular structure (RFC 2104) that should be
> easy to recognize.
> 
> 
> > --b.
> > 
> >> 
> >> Thanks for making that change. It will be helpful during Last Call and IESG
> >> Evaluation.
> >> 
> >> Spencer (D)
> >> 
> >> 
> >>> 
> >>> I know time is precious, but even a cursory review of this new
> >>> revision would be helpful. It's wafer-thin!
> >>> 
> >>> --
> >>> Chuck Lever
> >>> 
> >>> 
> >>> 
> >>> 
> > 
> >> _______________________________________________
> >> nfsv4 mailing list
> >> nfsv4@ietf.org
> >> https://www.ietf.org/mailman/listinfo/nfsv4
> 
> --
> Chuck Lever
> 
> 
> 
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4

--
Chuck Lever

v2.23.0 | Report a Bug | By Email