IETF Logo Mail Archive

Re: [nfsv4] Potential erratta for RFC7931

Chuck Lever <chuck.lever@oracle.com> Mon, 03 October 2016 16:25 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E8881293FD for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 09:25:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.697
X-Spam-Level:
X-Spam-Status: No, score=-6.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h4ZfjJzLU1uk for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 09:25:36 -0700 (PDT)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C000D1293F4 for <nfsv4@ietf.org>; Mon, 3 Oct 2016 09:25:36 -0700 (PDT)
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u93GPYl3009406 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 3 Oct 2016 16:25:34 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id u93GPYxN011750 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 3 Oct 2016 16:25:34 GMT
Received: from abhmp0003.oracle.com (abhmp0003.oracle.com [141.146.116.9]) by aserv0121.oracle.com (8.13.8/8.13.8) with ESMTP id u93GPWra028214; Mon, 3 Oct 2016 16:25:33 GMT
Received: from guillaumin.fry.int (/63.73.225.227) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 03 Oct 2016 09:25:32 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <20161003153707.GF3324@fieldses.org>
Date: Mon, 03 Oct 2016 12:25:30 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <38F410D9-349D-4221-BB14-D2D196FB4EBE@oracle.com>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org> <F37D4338-2D86-4B97-83D0-B0F7BE7B85E4@oracle.com> <20161003153707.GF3324@fieldses.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
X-Mailer: Apple Mail (2.3124)
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/B87RUj5ACy47iJSM7NOfu15S9Dk>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 16:25:38 -0000

> On Oct 3, 2016, at 11:37 AM, J. Bruce Fields <bfields@fieldses.org> wrote:
> 
> On Mon, Oct 03, 2016 at 11:26:10AM -0400, Chuck Lever wrote:
>> 
>>> On Oct 3, 2016, at 11:11 AM, Bruce Fields <bfields@fieldses.org> wrote:
>>> 
>>> On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote:
>>>> Although the NFSv4.0 specification requires the server to make sure that
>>>> such verifiers are very unlikely to be regenerated, different servers may
>>>> use the same approach to the construction of such verifiers, raising the
>>>> probability that two distinct servers might inadvertently assign the same
>>>> verifier value. The fact that the servers in question have assigned the
>>>> same clientid4 may raise this probability.  In order to guard against the
>>>> possibility that such assignments might cause two distinct
>>>> 
>>>> servers to be incorrectly considered the same, the SETCLIENTID procedure
>>>> mentioned above needs to be repeated at least once.
>>> 
>>> Nit: I believe your argument was that one repeat was sufficient.  If
>>> that's the case, let's say that.
>>> 
>>> And the bottom of p. 24 also needs an update: "Note also that the
>>> callback update procedure can be repeated multiple times to reduce the
>>> probability of further spurious matches."
>>> 
>>> I'd update it to something like: "The callback update procedure must
>>> then be repeated one more time".
>>> 
>>>> This will ensure that
>>>> the sucessive confirm values SCn, SCn'. SCn'' generated by these repeated
>>>> SETCLIENTID operations cannot all collide with a verifier previously
>>>> received by the client when communicating with IPn.
>>>> 
>>>> Comments?
>>> 
>>> I think that's correct, and it's a minimal change, and therefore maybe
>>> it's the right thing for errata.
>>> 
>>> It bugs me that the only client I've looked at does something different
>>> and much simpler.
>>> 
>>> After receiving the SETCLIENTID with a clientid matching an established
>>> one, the modified RFC7931 requires, if I have it right:
>>> 
>>> 	1. SETCLIENTID_CONFIRM to the new server.
>>> 	2. SETCLIENTID to the old server.
>>> 	3. SETCLIENTID_CONFIRM to the new server.  And with this fix:
>>> 	4. SETCLIENTID to the old server.
>>> 	5. SETCLIENTID_CONFIRM to the new server.
>>> 
>>> Whereas the Linux client needs only:
>>> 
>>> 	1. SETCLIENTID_CONFIRM to the old server.
>>> 
>>> And that works just as well.  (The existing Linux client has the same
>>> bug, but that is fixed with just a single if statement and no more
>>> round trips.)
>>> 
>>> So at some point I'd hope we can document this, as 1) it's actually
>>> being used by a major client so people need to know about it, 2) it's
>>> easier to implement and analyze.

I don't see any language in RFC 7931 that says "clients MUST use
exactly this algorithm." Thus I feel the algorithm documented in
RFC 7931 is no more than an implementation suggestion, just as
similar sections of RFCs 7530 and 5661 are no more than that.

Documenting every implementation of trunking detection that doesn't
match what is in that RFC doesn't seem reasonable.

1) "people need to know about it" : Is there a particular
interoperability concern you see arising out of the use of the simpler
algorithm?

2) "easier to analyze" : there is already analysis in RFC 7931. Is
that analysis inadequate enough to replace it? Is there a substantial
problem with it?

At this point RFC 7931 is immutable (aside from errata). Unless there
is a significant reason to update that document, I would rather use
the errata approach.


>> The Linux client implements something simpler because, at least so far,
>> it does not support trunking at all. The detection algorithm in that
>> client is to _avoid_ trunking, when a client administrator (accidentally?)
>> configures multiple mount points of the same server via different
>> server interfaces.
> 
> Either way we're trying to answer the question "do these two addresses
> point to the same server"?  The only difference is in what we do with
> that information--something not covered by this algorithm.
> 
>> The algorithm documented here is for a client fully capable of trunking.
>> 
>> I don't see a strong need to document the weaker algorithm in an RFC.
> 
> There's nothing weaker about this algorithm.  If you see something I'm
> missing, please explain.



--
Chuck Lever

v2.23.0 | Report a Bug | By Email