Re: [nfsv4] Agenda items for virtual interim

Chuck Lever III <chuck.lever@oracle.com> Sun, 17 October 2021 21:45 UTC

From: Chuck Lever III <chuck.lever@oracle.com>
To: Rick Macklem <rmacklem@uoguelph.ca>
CC: David Noveck <davenoveck@gmail.com>, Tom Talpey <tom@talpey.com>, NFSv4 <nfsv4@ietf.org>
Date: Sun, 17 Oct 2021 21:45:40 +0000
Message-ID: <E6705D18-01A8-4792-8543-F0753B591A7C@oracle.com>
References: <CADaq8jd_pcwJrqnFCqnHo7DXxnzc+ZpL28wRUMqkK-3zesc6mg@mail.gmail.com> <7560301C-4C5C-422C-9F55-B4F362AE5BF7@oracle.com> <YQXPR0101MB0968C79FEFC81144219D2ECEDDBA9@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <YQXPR0101MB0968C79FEFC81144219D2ECEDDBA9@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/D1tD6ZoP2_JpTtwsm5Jf9JmLYh0>
Subject: Re: [nfsv4] Agenda items for virtual interim
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>

> On Oct 16, 2021, at 6:33 PM, Rick Macklem <rmacklem@uoguelph.ca> wrote:
> 
> Chuck Lever III wrote:
>>> On Oct 16, 2021, at 9:28 AM, David Noveck <davenoveck@gmail.com> wrote:
>>> 
>>> I'd be interested in hearing from Chuck about his thoughts about addressing use of RPC-with-TLS for NFSv3 and how that might or might not interact with the v4 security work now going on.
>> 
>> I haven't had a chance to read nfsv4-security yet. That is at
>> the top of my to-do list.
>> 
>> After that, I think I'd like to huddle with Rick to discuss
>> how NFSv3 should work. Once we have something, we can present
>> options or discuss it on the mailing list.
> Well, for the implementation I did for FreeBSD, it just worked. All the changes were in the kernel
> RPC layer used by all versions of NFS,
> --> I suppose there is the question of crossing server mount point boundaries, where the
>      requirement for RPC-with-TLS changes, but at least for FreeBSD, NFSv3 exports individual
>      file systems, so there is no issue.

I was thinking that the MNT procedure would have to provide
the same list of pseudoflavors that SECINFO deals with, and
the server's kernel would need to enforce the administrator's
policy of which ones are permitted.

I'll have to study the MOUNT protocol Appendix to see if adding
unexpected flavors to the result of MNT will be a problem for
existing implementations.


> Having said that, I have done nothing w.r.t. the ancillary protocols (Mount, NLM, NSM). To do
> Mount and NSM on FreeBSD, the userland RPC library functions would need to be modified to
> support RPC-with-TLS. This wouldn't be hard to do, but might be hard to deploy, since it means
> that all RPC programs would need to link to the OpenSSL libraries, and that might not be
> acceptable to the FreeBSD collective.

FedFS on Linux used to require LDAP and still requires libxml2.
For FedFS support, the Linux mountd does a dynamic module
load. If that library happens not to be available then FedFS
junctions are not available on that server. The same approach
could be taken to handle RPC-with-TLS support in Linux's
libtirpc, but I don't have a plan to do that yet.

Linux handles NLM and NFSACL in the kernel, so these could
reasonably be modified to use the kernel's RPC-with-TLS
support. NFSACL will probably get TLS anyway because it is
conveyed on the same transport as NFS.


> Not sure if support should be required for the ancillary protocols and not sure who would decide?

Implementers decide, of course. The Linux NFS community has
so far decided not to protect these sideband protocols with
RPCSEC GSS, for instance. (IIRC Solaris is the same).


> (Does Oracle claim NFSv3 as theirs or is it just an orphan now?;-)

NFSv3 is not an orphan. Sun Microsystems contributed NFSv3 to
the IETF back in the 1990s, so Oracle does not have any
unilateral say regarding what happens to it today.

I don't believe the nfsv4 WG is willing to publish any updates
to RFC 1813, however, so NFSv3 is effectively moribund (tm).


>> In short, I agree this is something that needs to be discussed
>> at some point, but I'm not confident I'll be ready by Oct 27.
>> I'd prefer to see some discussion on list about this before
>> we bring it to a WG meeting.
> I'll be interested in hearing what others think? Chuck, if you want to email off-list, that's fine with me,
> but I'll admit the above is all I can think of right now.

Well then we might be pretty close to having a cohesive plan
for NFSv3 in-transit encryption. The only WG decision would be
where to document the conventions and changes, if any are needed.


--
Chuck Lever
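Added example, not code from this thread, from FreeBSD, or from Linux: the MNT reply that Chuck's message discusses is the mountres3 union of RFC 1813 Appendix I (a 64-byte-max fhandle3 followed by an auth_flavors<> array), and the question he raises is what an existing client does when that array carries a flavor it has never seen. The block below encodes and decodes mountres3 in XDR, has a toy server advertise only the flavors an administrator permits per export, and runs two client policies over the result: one that skips unknown flavors and takes the first it supports (the usual MOUNT convention), and one that refuses a mount when any advertised flavor is unknown. The flavor number PSEUDO_TLS_SYS is a hypothetical placeholder (no pseudoflavor for RPC-with-TLS appears in the thread or in RFC 1813), and the EXPORTS table and client flavor sets are constructed sample data.

```python
import struct

# Real flavor numbers: RFC 5531 (AUTH_*), RFC 2203 (RPCSEC_GSS), and the
# Kerberos pseudoflavors that Linux/nfs-utils use (390003..390005).
AUTH_NONE, AUTH_SYS, RPCSEC_GSS = 0, 1, 6
RPCSEC_GSS_KRB5, RPCSEC_GSS_KRB5I, RPCSEC_GSS_KRB5P = 390003, 390004, 390005
# HYPOTHETICAL placeholder for "AUTH_SYS carried over RPC-with-TLS". No such
# number is assigned anywhere; it only lets the example show a flavor that
# an existing client has never seen.
PSEUDO_TLS_SYS = 0x7FFFFF01

MNT_OK, MNT3ERR_NOENT, MNT3ERR_ACCES = 0, 2, 13
NFS3_FHSIZE = 64


def _xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length opaque: 4-byte length, data, zero pad to 4."""
    return struct.pack(">I", len(data)) + data + b"\0" * ((-len(data)) % 4)


def encode_mountres3(status: int, fhandle: bytes = b"", flavors=()) -> bytes:
    """Encode a mountres3 (RFC 1813 Appendix I, MOUNTPROC3_MNT reply)."""
    if status != MNT_OK:
        return struct.pack(">I", status)            # union default arm: void
    if len(fhandle) > NFS3_FHSIZE:
        raise ValueError("fhandle3 is opaque<NFS3_FHSIZE>")
    return (struct.pack(">I", status) + _xdr_opaque(fhandle)
            + struct.pack(">I", len(flavors))
            + b"".join(struct.pack(">I", f) for f in flavors))


def decode_mountres3(buf: bytes):
    """Decode a mountres3; returns (status, fhandle or None, [flavors])."""
    (status,) = struct.unpack_from(">I", buf, 0)
    off = 4
    if status != MNT_OK:
        return status, None, []
    (fhlen,) = struct.unpack_from(">I", buf, off)
    off += 4
    if fhlen > NFS3_FHSIZE:
        raise ValueError("fhandle3 longer than NFS3_FHSIZE")
    fh = buf[off:off + fhlen]
    off += fhlen + (-fhlen) % 4
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    flavors = list(struct.unpack_from(">%dI" % n, buf, off))
    off += 4 * n
    if off != len(buf):
        raise ValueError("trailing bytes after auth_flavors<>")
    return status, fh, flavors


# --- server side: MNT reply filtered by the administrator's export policy ---
# Constructed sample export table (assumption): path -> (fhandle, permitted
# flavors in preference order). A real server derives the handle from the
# filesystem and the policy from its exports configuration.
EXPORTS = {
    "/export/home": (b"\x01" * 32, [PSEUDO_TLS_SYS, RPCSEC_GSS_KRB5P, AUTH_SYS]),
    "/export/tls-only": (b"\x02" * 20, [PSEUDO_TLS_SYS]),
}


def mnt_reply(path: str) -> bytes:
    """Answer MOUNTPROC3_MNT for path, advertising only permitted flavors."""
    if path not in EXPORTS:
        return encode_mountres3(MNT3ERR_NOENT)
    fh, permitted = EXPORTS[path]
    return encode_mountres3(MNT_OK, fh, permitted)


# --- client side: two ways of treating a flavor the client does not know ---
def pick_flavor_tolerant(advertised, supported):
    """Take the first advertised flavor we support; unknown ones are skipped."""
    for f in advertised:
        if f in supported:
            return f
    return None


def pick_flavor_strict(advertised, supported):
    """Refuse the mount if any advertised flavor is unknown to us."""
    if any(f not in supported for f in advertised):
        return None
    return pick_flavor_tolerant(advertised, supported)


# Constructed flavor set for a client that predates RPC-with-TLS.
LEGACY_CLIENT = {AUTH_SYS, RPCSEC_GSS_KRB5, RPCSEC_GSS_KRB5I, RPCSEC_GSS_KRB5P}


def mount_outcome(path: str, picker, supported=LEGACY_CLIENT):
    """Run MNT for path and report the flavor the client would use, or None."""
    status, fh, flavors = decode_mountres3(mnt_reply(path))
    if status != MNT_OK:
        return None
    return picker(flavors, supported)


if __name__ == "__main__":
    for p in EXPORTS:
        print(p, "tolerant:", mount_outcome(p, pick_flavor_tolerant),
              "strict:", mount_outcome(p, pick_flavor_strict))
```

The two pickers are the whole point: a tolerant legacy client mounting /export/home skips the placeholder flavor and lands on krb5p, so the server can advertise a new flavor first without breaking it, while a strict client fails the same mount, and an export that permits only the new flavor is unmountable by any client that does not know it. Which behaviour existing mount implementations actually have is exactly what the message says still needs checking against the MOUNT protocol appendix.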