Re: [nfsv4] Kathleen Moriarty's Discuss on draft-ietf-nfsv4-flex-files-15: (with DISCUSS)

Tom Haynes <loghyr@gmail.com> Wed, 24 January 2018 22:25 UTC

From: Tom Haynes <loghyr@gmail.com>
Date: Wed, 24 Jan 2018 14:25:30 -0800
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-flex-files@ietf.org, NFSv4 <nfsv4@ietf.org>, nfsv4-chairs@ietf.org
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/ASmjHk_m16dyVMfyTRf-y9hEmH0>

> On Jan 24, 2018, at 8:42 AM, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com> wrote:
> 
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-nfsv4-flex-files-15: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-flex-files/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Thanks for your response to the SecDir review.  I see the proposed changes have
> not been integrated yet.  This discuss will be resolved when the SecDir review
> changes have been included.
> 

I purposely did not update the document to avoid confusion during this process.

There was an unanswered question in my last reply, namely concerning the use
of SHOULD versus MUST in the 3rd sentence below:

   It is RECOMMENDED to implement common access control methods at the
   storage device filesystem to allow only the metadata server root
   (super user) access to the storage device, and to set the owner of
   all directories holding data files to the root user.  This approach
   provides a practical model to enforce access control and fence off
   cooperative clients, but it can not protect against malicious
   clients; hence it provides a level of security equivalent to
   AUTH_SYS.  Communications between the metadata server and file server
   SHOULD be secure from eavesdroppers and man-in-the-middle protocol
   tampering.  The security measure could be due to physical security
   (e.g., the servers are co-located in a physically secure area), from
   encrypted communications, or some other technique.


> https://mailarchive.ietf.org/arch/msg/secdir/HKdT2KjnWJFmzEPxlGcNH0OnUDg