Re: [nfsv4] Comments on minutes of wg meeting at IETF114

Chuck Lever III <chuck.lever@oracle.com> Wed, 14 September 2022 18:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/CYGHHNZrSWd8NEs5jX-3GaH3T8k>

> On Sep 13, 2022, at 7:09 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> 
> Chuck Lever III wrote:
>> David Noveck wrote:
> [stuff snipped to just comments related to FreeBSD/me]
> 
>>> Let me give people some background.  Chuck objected to the treatment of SECINFO in some earlier security-0x draft.  He thought it was too complicated so we agreed that he would publish his approach, as he did in rpc-tls-pseudoflavors and I would refer to that in the next security draft.
>>> 
>>> Now it appears that Chuck has changed his mind and I'd appreciate knowing why.
>> 
>> Rick told me he is not going to implement it.
> This statement sounds somewhat misleading, although true.
> I do not see the FreeBSD client implementing pseudo-flavors
> because it does not use Secinfo/SecinfoNoName and I doubt
> it ever will.
> --> It just considers NFS4ERR_WRONGSEC to be a fatal error
>      that it maps to EACCES.
> 
> The FreeBSD NFSv4 server could easily implement pseudo-flavors.
> I was just waiting to see if there was a consensus that it was
> the correct way to go.  I'll admit I do not see that consensus
> at this time.

Rick made this comment to me in private e-mail last March (don't
worry, nothing embarrassing!):

> Since NFSv4 has no way of acquiring the pseudoflavors before doing
> ExchangeID..., I'll admit I don't see the pseudoflavors that useful.
> I think cases where the security requirements for a given client changes
> at server file system boundaries as fairly rare.

I concluded based on that that Rick is not interested in
implementing the mechanisms proposed in rpc-tls-pseudoflavor
for FreeBSD at all. The mechanism does not add value for the
use cases commonly deployed on FreeBSD NFS systems.


--
Chuck Lever