Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Tue, 09 October 2018 15:56 UTC

From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: Chuck Lever <chucklever@gmail.com>
CC: "nfsv4@ietf.org" <nfsv4@ietf.org>
Date: Tue, 09 Oct 2018 15:56:41 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/7q5c_zayZ2qlbzi7FJRf1zLAGJk>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>

Let's go back to the document proper.  I think it contains the fundamental disagreement.

To me, the point is to achieve interoperation.  The question is--"interoperation of what"?

There's an attractive feature that you describe: a keyed hash that's a strong check on the integrity of file content.  Suppose that I want to play, but I'm not running Linux, and/or I cannot run Linux for one reason or another.  I might even have a TPM on a client or a server.  How do the parts interrelate?  If I come up with some scheme that encodes provenance as a tree, saying how the file content is a product of many different originators (let's just say an executable file built by linker X from objects Y and Z, where each of those objects is based on a signed source file and a given compiler), how do I relate to what you're calling "provenance"?

Thinking much more simply: if IMA does what the draft says that it does, then it would be straightforward to describe exactly what it does, saying just how an HMAC is to be calculated and validated, with some description of the source of the key used in the HMAC.

This would perhaps be a more honest draft if it didn't call the blob that NFS was to store FATTR4_FILE_PROVENANCE, but just one brand of provenance encoding.  FATTR4_FILE_IMA?  That would rankle much less.  It would still suffer from all the weaknesses of not being well-defined, but at least it wouldn't appear to describe many possible "provenance" descriptions but really mean only one.

		Craig