Re: [nfsv4] Review of draft-ief-nfsv4-integrity-measurement-04

"Everhart, Craig" <Craig.Everhart@netapp.com> Tue, 21 May 2019 19:54 UTC

To: Chuck Lever <chuck.lever@oracle.com>, David Noveck <davenoveck@gmail.com>
CC: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/BOayDh4s2D9YYP2j1CUp6ymEcgI>

Hi Chuck.

It's a little specious to cite RFC8276 as a model for a Linux-only feature, isn't it?  It goes to some pains to describe how its xattrs are supported in multiple operating systems (Linux, FreeBSD, Windows's NTFS, with even Swift).  It suggests enough detail for some of the xattrs that it's imaginable that there might one day be semantic interoperation: message-IDs, a URL, checksumming, crypto hashing, source application, etc.  All this is lacking in the IMA document.

One particularly difficult omission from the IMA document is some understanding of the domain of discourse.  In the Linux document, the domain is one Linux machine.  Presumably, the draft intends to extend this domain to all the clients connected to the Linux machine?  It's not clear.  What would it mean?  (What is being intended?)  Is there any guarantee that the IMA implementations are compatible?

How is the "identity of the last modifier of a file's content" converted to a keyed hash?  Is that "identity" something that has meaning outside the single Linux machine, or the one that's acting as the server here?

NB.  I tried to go to the URIs given in the -04 draft; the first directed me to a string of software versions--not the document that I was expecting--and the second didn't resolve.

		Craig