Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 21 April 2020 07:46 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E273D3A0771 for <nfsv4@ietfa.amsl.com>; Tue, 21 Apr 2020 00:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.201
X-Spam-Level:
X-Spam-Status: No, score=-0.201 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNm6Sp3mRt7d for <nfsv4@ietfa.amsl.com>; Tue, 21 Apr 2020 00:46:28 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30054.outbound.protection.outlook.com [40.107.3.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B35F23A0770 for <nfsv4@ietf.org>; Tue, 21 Apr 2020 00:46:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oeubKw1VEW5owDGqlZJHI4R58cvJ2+mmWDyt/AoMamZkq6yUyFBsL16bwrMIwYliHEjkW93Rnv0tVYNjnJVVt1MYolRfAw5pisXI5xjyKMCpmBCTND5fOscjUT4higqO5l2sFN699rVCk0oMKJkTltDWT9/zrRj8kMCe9ClbiqC6V4pAyagvhj3L3rxQOivp+rCiUZcxShmdve/MgnUoMaZrrrCL8glgJm3+75E1eILKB1cuDrT/XMPd/o/o82YQQ+h+H0dO5Jzvqctn65kOupcsq2YClDdNltkQuMxMz9Sj6WuAdHM1UgDiO37+L4o2USTabWMVK/CN2dfPA967kA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FQQWutq6Ss9tF4feBs+PCpDeTdaaF0dkiaXvgX7tpLI=; b=KYVxgjOZKz/yJFRSCYYZFFZEmeRhS+ZxvRl92EXWeC1B4cDHGnO2JVC9voxZ5ypj/j351BBm741p4vrG/FX9JSKlsuqkRm7w2RCAgWQD5V71OhZcQ35k23t8i0AAuVuYa5TSwpwT5nYG/2ey91/j26OP03Cw/8uH9/O5uNMNNbL9eYUWOF+oTya+7rQgJZMxJ983fRJc6SLVc6HIRM2pMS+oqwXvbLs1KIeV+05ffSbaMZe3jrFko0LeIbwIyA6bcLM55jLXZlaAGrSgOOmZQTyYtkduFjfAq9BivMhwSlMfN5XPjJzOL0AglDoavb1TgT5pcx+tMkcaBGbJS3hPtQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FQQWutq6Ss9tF4feBs+PCpDeTdaaF0dkiaXvgX7tpLI=; b=tRFG5tMvm/UJhi5tAsxYWCjEpWoyyCnVTiLGzD1j0mYg2UVd4HC2tVhh5woe21pNMWhmzjGLaOAXy56zkHHU+cVBi66Z34nnT0VchsD/KSHQUv3Xw0tVomxvtcFq4wfNRWEhcfroGBxIkOrpxnkHUmxwgqBrP9ckO+YV9U7LqTA=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR0702MB3627.eurprd07.prod.outlook.com (2603:10a6:7:84::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2937.11; Tue, 21 Apr 2020 07:46:25 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::ec28:2c21:6d78:917a]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::ec28:2c21:6d78:917a%2]) with mapi id 15.20.2937.011; Tue, 21 Apr 2020 07:46:25 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "chuck.lever@oracle.com" <chuck.lever@oracle.com>
CC: "nfsv4@ietf.org" <nfsv4@ietf.org>, "trondmy@gmail.com" <trondmy@gmail.com>
Thread-Topic: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
Thread-Index: AdYH+TZCYEUSPG/KThqZ8Tp9CcZenQGq9Z4AAAL5cwAAAEtAgAABZXsAAACq6oAAAcUlAADsXEAAAG67FAAAjMMIgABUBmyA
Date: Tue, 21 Apr 2020 07:46:25 +0000
Message-ID: <7833b21f09aaffdb35e1a578e2a07b533002d318.camel@ericsson.com>
References: <VI1PR0702MB3775838FD12AB8A89392C17B95C90@VI1PR0702MB3775.eurprd07.prod.outlook.com> <FA2D661E-A787-4772-8F9D-A7594AE82F38@oracle.com> <CADaq8jciLWhL_FMmPcsdrVVS=9Gee8SYAsqi36H5v9iuNo7Pgw@mail.gmail.com> <E414F060-532B-4017-AC7E-5869884B2153@oracle.com> <e5796752c6204ffdd78503b1a9c9045cfd761e52.camel@gmail.com> <F9AC44CE-750E-416A-944D-E2382524020E@oracle.com> <19d2513b1093fc71223e361afca90d1a1ad6183a.camel@gmail.com> <E8D24949-C2A3-463A-953F-FAE7F46D4D23@oracle.com> <4e7912c6c55680f50b05aaa2cdc98f59733cd5b2.camel@ericsson.com> <C89BF8F3-7F65-4995-9CDB-CC1673E01463@oracle.com>
In-Reply-To: <C89BF8F3-7F65-4995-9CDB-CC1673E01463@oracle.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.1
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [98.128.243.69]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3154ca64-bffe-484f-aa2f-08d7e5c817d9
x-ms-traffictypediagnostic: HE1PR0702MB3627:
x-microsoft-antispam-prvs: <HE1PR0702MB3627B335067DED7312A7412495D50@HE1PR0702MB3627.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 038002787A
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(396003)(346002)(366004)(376002)(76116006)(478600001)(81156014)(26005)(86362001)(316002)(99936003)(53546011)(966005)(6506007)(6512007)(2616005)(8676002)(44832011)(36756003)(71200400001)(4326008)(2906002)(66616009)(66556008)(66946007)(66446008)(66476007)(5660300002)(64756008)(186003)(6916009)(8936002)(6486002)(54906003)(99106002); DIR:OUT; SFP:1101;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 1cKkj2hLuNs7mLf9SgcEz5QCyVsk9VuZSaeEvWmhDswTKHjam641YKkEl5YoeJF2o1OeXcSE98cSzQW7TkUNzzWRbIQ7IU9vAIvZsEPkY9tp0wgnVHiZ5YRMwJ396NfdRxwNVS92fd6tOyCaav924hsuQLmMuoDUJkIxxTVITTpKzIwte8gTrpQehyXwDrsc59LdeopSp4MC3dP35WiR07fGjwcUWVAE3AKN8ZI/K9di1mB+LawPlruoWUGk4v7AlqxodbQSN550JgopEzZuJ0hWQQ16mc6e+0h6bVXf6Y+hnF3PVpc1DWxDim6PEvC6+d2+6Tacn9XlDhRbCnKAMOqEENVbddjIeleAVelP8YL16MG6aCWH26KMxFsCsVlKZhIIIUbQ2x0wKpZjfXzEqDCv4SgmALc4MlA22EzMGEKWqn9pUQGJP61Om/5ZuCWW4Hn3aWlCY1LvFZ2PIp7HPQb4X7pKn7FWOqwT97UWM340tppdt9jGAc9I9d4P4uJmI+1AW899cJjr0l9qbk+HAd2guFM0Y6Q5lAwQpgxKu3c7ZnpBC2R6C8bFxjKkX8hb
x-ms-exchange-antispam-messagedata: Wmv0ppltbGiKGFw/sse4F/javlVxa0dSXcEJ6B/jeBmVHRLaF7ZaRwLLK33MF5mqYVdMkyMF2r0nfq0oCATOo4SdycreRhs/nwN8xAWH1bcDwqooIFq+nIZZtkwyl1kLEe13SKlmZrTdgaTBT/AGhDwCeQBpFvStWgtWLNi84feenDTjl05KPKSZtJGDCuGlbuGRcvmHBgpZudFZ00Gy9tLnaK3LE+fF3Ibag4wBnYU3K5LwADnX/nTb7o9TQ1HGEl0EmKt8MRsAFD5LWBPEY8CKGtuLbeYz+24UnGuA2BR53NEdDL2Kda1XTJ0I9WDfeAY7uCPfL7K827vw5bCOYkAHmYhP5UMaJdw30VDDDN5LCOM/0pgIEenJoQqt3BSKQphAfSjeHwlBlTZy56fjUOQZ+wpRe2/XDYP4u2sNPDyhqD510rZIM5k6rhFFvzne8FPZG/ubi61IZCbZu2ES6RBBHE02Oj1B3WtXZzVGrdmaT2uomStU696lfJhydl8h1jivJxVwmQ2/jo+RSxuWJjSDGylur585MYqkciYXN5mpqDta53oGkFm47/F0I8/I1FL1fQ/S98q3K6EQg+Drq6uYsmr+TboDWi+KhnY8MSpHq9CiSPqEM+dkCeuyyBO2kIoRMVOllvq0tQ1W2x/Hq7Hokx8rOSnGtSVblc+QzOcMRyT/cFNOY9sHsKRLo7ttolvQPgOFlp/LvLtAN0knyrkyyVnGPcTyG2S8GGj06Nn5xCl2s9EWPUpzC+URZyUbmZts8xW2kdxMpDeU/Cuxdmv+4Bwjl2vjVr/PlY5ptKw=
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-/MTtxPo0YHeK/Dbc/dWT"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3154ca64-bffe-484f-aa2f-08d7e5c817d9
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Apr 2020 07:46:25.1016 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ARI5m+lzWBb4FmuBhBlWoQElVH+13F8XsY7xcEjtLUNXZpzt38tJQ2UHw0+mRwfXQqCB5NZciKtyX9W5NDXR5ZZa8eJwyWph9Pi1+OFhxbE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3627
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Be_aiLT-UCRqq7liOcTg85QmDDQ>
Subject: Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Apr 2020 07:46:30 -0000
Hi, See inline. On Sun, 2020-04-19 at 11:40 -0400, Chuck Lever wrote: > Hi Magnus- > > Regarding closure on the remaining AD comments: > > > > On Apr 16, 2020, at 4:30 PM, Magnus Westerlund < > > magnus.westerlund@ericsson.com> wrote: > > > > Hi, > > > > I have reviewed the text proposal and have this comment. > > > > On Tue, 2020-04-14 at 11:39 -0400, Chuck Lever wrote: > > > o If a client uses an ephemeral source port for a TCP connection and > > > does not present authentication material to initiate TLS host > > > authentication, the server MUST abort the TLS handshake with a > > > handshake_failure alert. > > > > So what is this paragraph trying to say really. Is this a mix of OS/Socket > > level > > concerns with the transport protocol level. Becasue from my perspective, I > > don't > > see why it would matter if the NFS client use a single arbitrary source port > > for > > its TCP connection to the server, where it determines that it has reached > > the > > server with a requested SNI. After the TCP connection has been established > > it > > will have a specific 5-tuple. Then the client use RPC level authentication > > to > > prove to the server which user it is. Yes, that has certain weakness in that > > it > > doesn't identify the client host system, however for cases where one don't > > require that. > > I've concluded that because... > > • It is widely recognized these days that the source port is no realistic > indication of any degree of authority on the client, > • The new requirement was proposed well after the end of WGLC for rpc-tls, > • The use of a privileged port is discussed in RFC 5531 as implementation > guidance, not as a normative requirement, > • There seems to be an ongoing lack of consensus about what exactly should be > said, > > ... I will drop this new text entirely. > > Dave Noveck pointed out to me that Appendix A of rpc-tls already quotes the > final paragraph of RFC 5531 Appendix A, which suggested the use of the source > port. > > IMHO Appendix A of rpc-tls really ought to make some kind of statement about > how weak it is to use the client's source port, as the purpose of the source > port test is to mitigate the weaknesses of AUTH_SYS that are discussed in that > section. However, given how late it is, I leave that discussion to subsequent > documents. The source port test can remain an implementation quality issue for > the time being. Okay, I think that is fine. > > > > So related to my AD reveiw comment: > > > > > 6. Section 5.1.1: > > > After establishing a TLS session, an RPC server MUST reject with a > > > reject_stat of AUTH_ERROR any subsequent RPC requests over a TLS- > > > protected connection that are outside of a TLS session. > > > > > > I assume this is actually bound to a host or a user identity? Because > > > reading > > > the above sentence immediately made me ask how can the RPC server > > > determine > > > that the RPC request is coming from an entity that already has an TLS > > > session? > > > Can you please clarify this question? > > > > For TCP I think the new text addresses this to simply stating the fact that > > once > > the TLS connection is established over the TCP connection it is impossible > > to > > use it in an non-secured way. > > > > However, for UDP I think an aspect of this question remains. > > > > > Once an RPC client establishes a DTLS session for an RPC program, the > > > RPC server MUST reject UDP-transported Calls in that RPC prgram from > > > that RPC client that are not protected by the established DTLS > > > session. > > > > > > > Is this on a per 5-tuple level? Can you make that explicit. If not can you > > please specify in which way the server will make the deterination that they > > should be in some other 5-tuple an the associated DTLS association? > > > > > > My understanding of DTSL is that over UDP for incoming packets it will look > > at > > the 5-tuple, The destination port for which DTLS server/client that receives > > the > > packet. And the source port + address for determining security context. > > After an > > DTLS association has been created on a 5-tuple incoming UDP datagram > > payloads > > needs to contain either DTLSplaintext or DTLS cipher text (see Section 4.1 > > of > > https://datatracker.ietf.org/doc/draft-ietf-tls-dtls13/). If it doesn't > > match or > > succesfully deprotects then the paylaod is rejected. Thus it will not be on > > the > > same 5-tuple possible to receive any unprotected datagrams. > > I've tried to resolve this issue in the following ways: > > - I've removed the problematic rejection requirement. > - I've introduced discussion of the use of a CID or 5-tuple to identify the > participating endpoints. > > Here's the new text: > > 5.1.2. RPC-on-TLS Operation on UDP > > RPC over UDP is protected using the Datagram Transport Layer Security > (DTLS) protocol [I-D.ietf-tls-dtls13]. > > Using DTLS does not introduce reliable or in-order semantics to RPC > on UDP. Each RPC message MUST fit in a single DTLS record. DTLS > encapsulation has overhead, which reduces the effective Path MTU > (PMTU) and thus the maximum RPC payload size. The use of DTLS record > replay protection is REQUIRED when transporting RPC traffic. > > As soon as a client initializes a UDP socket for use with an RPC > server, it uses the mechanism described in Section 4.1 to discover > DTLS support for an RPC program on a particular port. It then > negotiates a DTLS session. > > When using connectionless operation, each DTLS session endpoint is > identified by its 5-tuple -- the source and destination IP address > and port numbers, along with the UDP transport protocol number (17). > When using connected operation, the DTLS session endpoints are > identified by connection ID (CID), as described in > [I-D.ietf-tls-dtls-connection-id]. Connected operation is strongly > RECOMMENDED. > > Sending a TLS Closure Alert terminates a DTLS session. Subsequent > RPC messages exchanged between the RPC client and server are no > longer protected until a new DTLS session is established. > I think this is clear. I don't think I can provide better guidance. I think we will get feedback on this when we go to IETF last call if it is insufficient. I hope the WG memeber can also check this also. Cheers Magnus Westerlund ---------------------------------------------------------------------- Networks, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Torshamnsgatan 23 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Rick Macklem
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Benjamin Kaduk
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls David Noveck
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Trond Myklebust
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Magnus Westerlund
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Faibish.Sorin
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever
- Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls Chuck Lever