IETF Logo Mail Archive

Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt

Chuck Lever <chuck.lever@oracle.com> Thu, 27 September 2018 15:32 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2925B130E54 for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:32:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rMEBsYX4x6Nf for <nfsv4@ietfa.amsl.com>; Thu, 27 Sep 2018 08:32:03 -0700 (PDT)
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9CFCF127148 for <nfsv4@ietf.org>; Thu, 27 Sep 2018 08:32:03 -0700 (PDT)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w8RFNqTc057130; Thu, 27 Sep 2018 15:32:01 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2018-07-02; bh=q1WD6tkMQULzBrOLSxFRErDY9psQ771+gGLjrCkzsQ4=; b=kuyoELqit1H4Fl5Hc0i2PnpZ5wCQq0Se7mIcmZBv/7K3f1692+m/Elr8WwpfrHEzeUxn SkJx0mKw9Mgsot04cXnN/kBcN3PMIBO8nrZve8TiZ2dw9gFeNwPCmS1Os6ZbUuvl8roK 6ScAhqpC9fqdCVoqqbGqY3hJhBMyjU0rMf5HXYUGSeRK0t4CQ6uJG68aIxUGGV3Caku7 3kLbPEpMxuTKai6SVsRxS/WtXuwYNp5Cq9q9Etgjg8mSeCyIukzneNFC6+mwxoYnQFrP NFijqm1mehyUWapMV9+h/za0tl2ZGLOwIZTjTO7uImmSoUfrtt4lwdTkGLBumO7ihTEL ww==
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp2120.oracle.com with ESMTP id 2mndpptw2y-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:32:01 +0000
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w8RFW0mh011162 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 27 Sep 2018 15:32:00 GMT
Received: from abhmp0016.oracle.com (abhmp0016.oracle.com [141.146.116.22]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w8RFVxa9024958; Thu, 27 Sep 2018 15:31:59 GMT
Received: from [10.71.9.255] (/8.25.222.2) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 27 Sep 2018 08:31:59 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <20180927011257.GC2715@fieldses.org>
Date: Thu, 27 Sep 2018 08:31:58 -0700
Cc: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <8461C2B0-41B3-4983-86F3-78DC4B36D077@oracle.com>
References: <153780090601.28221.16958675117475194416@ietfa.amsl.com> <CADE569F-8584-42CF-A297-E60956D368A2@oracle.com> <CAKKJt-fmB5psmtbm9PJTnhkZkZLCBnCVZnr3fMsf++exN5XObQ@mail.gmail.com> <20180926202157.GA826@fieldses.org> <1F2E60B5-E09F-4B33-8301-99C5E5A0F310@oracle.com> <20180927011257.GC2715@fieldses.org>
To: Bruce Fields <bfields@fieldses.org>
X-Mailer: Apple Mail (2.3445.9.1)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9028 signatures=668707
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1809270146
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/BBohEDYURzDxoUjBbKjKthsr8wQ>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Sep 2018 15:32:05 -0000


> On Sep 26, 2018, at 6:12 PM, Bruce Fields <bfields@fieldses.org> wrote:
> 
> On Wed, Sep 26, 2018 at 01:27:41PM -0700, Chuck Lever wrote:
>>> On Sep 26, 2018, at 1:21 PM, bfields@fieldses.org wrote:
>>> 	"A keyed hash authenticates the identity of the last modifier of
>>> 	a file's content and serves as a strong check of the content's
>>> 	integrity.  For the purposes of this document, we will refer to
>>> 	this as file provenance information.  The Linux Integrity
>>> 	Measurement Architecture (IMA) is an example of a mechanism for
>>> 	assessing file content provenance [IMA-WP]."
>>> 
>>> I think it's also true that this draft is sufficient to allow a client
>>> to support IMA?  That also seems worth mentioning.
>> 
>> I'm confused by your remark. I'm describing a transport
>> protocol between a NFS client and server. Why would it
>> not be sufficient to implement client support?
> 
> Oh, I was pretty sure it was, just thought it was worth making that
> explicit.  "The Linux Integrity Measurement Architecture (IMA) is an
> example of a mechanism for assessing file content provenance, and the
> protocol described in this draft could be used to implement IMA."  Or
> something like that.
> 
>>> 	"To ensure interoperability among accessors of this information
>>> 	when it is stored on NFS version 4.2 servers, this information
>>> 	MUST be self- describing."
>>> 
>>> How do you propose that an implementation would make the information
>>> self-describing?
>> 
>> That is out of scope for this draft.
>> 
>> But typically if an integrity service wanted to do this, it
>> could use XML or JSON to describe the information, for example.
>> 
>> An HMAC has a particular structure (RFC 2104) that should be
>> easy to recognize.
> 
> OK, but you do have to know how all the other clients are formatting the
> information.  I don't quite understand what's meant by ensuring
> interoperability, then.
> 
> I guess I expected to see something like say a 32-bit "type" field with
> implementations able to register different "type" values so you could at
> least tell whether it should bother trying to parse a given file
> provenance field.

I don't think it's helpful to insert the WG and IANA in the
process of deciding the type of information in the FPI payload,
especially when the structure of that payload is out of the WG's
hands.

Either the clients look at a 32-bit enum value, or they look at
the payload and figure out what it is. I can't see how it makes
any operational difference.


> Maybe it's not necessary.  I wonder what would would happen in practice.
> I geuss if people deployed two different clients that both claimed
> support for file provenance, they might be surprised when they started
> randomly throwing errors when one client tries to read files written by
> another.

Typically, an NFS server serves a fleet of clients that have a
common administrator who provisions and configures these clients
to recognize the same FPI payload.

The consequences of not recognizing the file provenance information
are not dire. In those cases, clients simply don't allow access to
the file's content, and the implementations are free to report to
the administrator that the FPI format is not recognized.

Would it help to state that in the draft?

--
Chuck Lever

v2.23.0 | Report a Bug | By Email