IETF Logo Mail Archive

Re: [nfsv4] Thinking about an RFC5661bis.

Benjamin Kaduk <kaduk@mit.edu> Fri, 01 March 2019 01:00 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D65031310EC for <nfsv4@ietfa.amsl.com>; Thu, 28 Feb 2019 17:00:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 97OvYqJiV9WM for <nfsv4@ietfa.amsl.com>; Thu, 28 Feb 2019 17:00:05 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790090.outbound.protection.outlook.com [40.107.79.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 158761310E8 for <nfsv4@ietf.org>; Thu, 28 Feb 2019 17:00:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EB07egOOwIiIl+OT72bxjFtrpHndsXAHE7hdL8g+aq8=; b=dvK2kYiBZtDz8COnSUc1OiRdfFhoaJSBaek9mgy5rpB3ZyCORhi0hFPMCwpivGATj7gQZH57lIOIZ4wubBVeT+RMuk8BhiUA66bDkbu/ig/6r1AP033qMBN7J4PYDXksrEL/eXN2XLLN3LSRmYROYIwwtZ5+DUOzzNd8ZxvLcgU=
Received: from BYAPR01CA0013.prod.exchangelabs.com (2603:10b6:a02:80::26) by BL0PR01MB4851.prod.exchangelabs.com (2603:10b6:208:7e::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.16; Fri, 1 Mar 2019 01:00:02 +0000
Received: from CO1NAM03FT012.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::200) by BYAPR01CA0013.outlook.office365.com (2603:10b6:a02:80::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.15 via Frontend Transport; Fri, 1 Mar 2019 01:00:01 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT012.mail.protection.outlook.com (10.152.80.99) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.13 via Frontend Transport; Fri, 1 Mar 2019 01:00:01 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x210xv76022435 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 28 Feb 2019 19:59:59 -0500
Date: Thu, 28 Feb 2019 18:59:57 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: David Noveck <davenoveck@gmail.com>
CC: NFSv4 <nfsv4@ietf.org>
Message-ID: <20190301005957.GK53396@kduck.mit.edu>
References: <CADaq8je5pzF7m+4oVCNfSeeBDQ98kBwAdCN_o1hBrfDob=SBaA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADaq8je5pzF7m+4oVCNfSeeBDQ98kBwAdCN_o1hBrfDob=SBaA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(136003)(376002)(396003)(39860400002)(2980300002)(199004)(189003)(47776003)(75432002)(55016002)(1076003)(356004)(46406003)(66574012)(14444005)(6246003)(1411001)(8676002)(8936002)(23726003)(97756001)(4326008)(106466001)(2906002)(33656002)(50466002)(53416004)(246002)(88552002)(36906005)(305945005)(11346002)(446003)(229853002)(476003)(486006)(956004)(126002)(426003)(336012)(6916009)(7696005)(478600001)(26826003)(76176011)(58126008)(86362001)(316002)(786003)(16586007)(5660300002)(104016004)(106002)(26005)(186003)(52396003)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR01MB4851; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: ab53b3cb-2c88-4be3-714e-08d69de13bd7
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:BL0PR01MB4851;
X-MS-TrafficTypeDiagnostic: BL0PR01MB4851:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4851; 20:mjFu7IBRwN2j9l6Y1QrZtbzPZZPrt4kU8m2Thx9KDuUsezdy+I/uLKSRRIY15dBFnbGd0jWld8e1BNrGAYBOGL75+GcO/XCQUFXmtRncp3d3B0SsOlJNgKIcJ216AZKuKBXePEIMnMX5dU5Lnw54O1uDAgo/ijQ46JeNV7M5zxC2DqXEpJdQ/VHVIU/aYtbh+R8WvS7XG4exq3yqnY+WNaSZcSqmCujstZU87uBlZtDxZlXTDWNko/p+wNyhS24tlmEetqwqEEZTgwFsmd6NcPWPMp+czfe04fNLB+yoLht8LHGfoMhSSXStOnq9pWnyWi9ezhrDXPlsWzaBHNT8cf0zHNPOegxPsDFsI7HuZEXML7FRnKoOj+RJZkXHgkiZ3b874D/uxUZQ6qHQ/Wjo/bJkurpEjjb4L1axDe9ZbeLK4LLRVmDr0FPBxMjBCwX0lVjm/r38MeR3cpZXF2VwRG1f6N7oTPgE6IkNSAI3IXSdrXj4jFdnJDfuVi+cicGw/6teJ3O9loPFKjFqjpQmwx1BFtPZ0S19lZAsum7bLidvYdfH6ThPRTwQbGMkIOyWkkJhQzNQIBWAGa8W2WS+cN2ifODr9Qh75FfUsYRM6c8=
X-Microsoft-Antispam-PRVS: <BL0PR01MB48511503D242AC526FB853E3A0760@BL0PR01MB4851.prod.exchangelabs.com>
X-Forefront-PRVS: 09634B1196
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4851; 23:wKxy1HEVHJtr+ltUyaGK6EY7DaRMqjQZsgba4wKpych3YvAi75iOJr5zqoWaSKZdcnFbkTFqxqybLvlJkjFMblOZBzySMaOiddAhHc2tm2C95K/0yKvYZY8W9xO6MNy+kBPpajM5IQGFue02V2wlY96+ou3KoHu+aHnkY6sb7WENSAR12L+n/VlSRFWCyAf/eCa0139qb7bxbMfYj1aC84Gb3o9sTEN0mJ0/0zsp3SvLCYwvSy3QlSzFbZYyNEXtTfGfW+l6A6ARvIlMpxdh0RvRLRRFPGcXlX6BT7BTz79K37uh4ukEF8/fb8P+b27Zv4yba7cKJqE+N5yktqDn5i1ctR4BnL+hNHiTOJG8/UgGKF8Bln5aWMq+C0+mbMBQ1un5176o8buq53qTRc/2LGQEGNp5mDOTh+g7weL5YLLNiAdVtbC6LB/1LuFhcyZ7RNT4GvTmnwDLoJwT7i8Y4PVjT1Qss8Grl1KuCV9eTTEojC39oGxN2qV8ULcw2A7nKCvATLtGNjD6GevM6qggP/2Pb9Z9wFtpDpci4RaAbLlbYwAdxJq2yp/+zgZSDnEld3lRwITBLgAQdcxBNT/8G0ZuND1EoR1zVIyQj7wcJnzrAN54HbfXsveEWDPNdhmufdYgjeMrEjpds+N6hPgd2AHI2tKKurigeow0KPTeokUqcVU7+GMfxmeINlxT0GM4dwX5LJ9s4/reIyRyU8obttyHk2M8AN/sZ8hhHZj7g2/RfRdzKY7V7PP+/IrKJyHOsKAy6DwhMrUirIYDmNrs3CnnX1/ujutsS75hJD3BdQGL8iUQbeiixI1dkvOG1VYu8LN+Q9Gl1LAMgkuugOYm0UJLRF48Kj0Gt7m2jly2Q/FqnCHZ3B0Ddjrl6U1u/DwfipzSDjvWqsArwA/EFmGFI7t+6a6OvMCUKWV06WX/a2GxqtBKy7CjMV7QKi7IkNn03B0G9xoWlviy4lLPsf7izApcWzTF4ewnUgGCGGupCDuU3kTnA+BWJgD4LpknS+mlnqfwk/kKZBJgmYY/C/j4DvcXxXChlmPPnUMK/cM58yYYxC17kdEQBjH0zl33RCgn5onDSdttL801OCm1uUYhgsndwEqr7WN9PXxWErY99207Hj+8qro9Xrwko6KGfdO7Mrq56RERoFbSC590Fm59RIm25Tzgt4MrlaFg/783CiL+1ix/ApqWu19VtmuCGwVzmF1J9CQnCYyX1Wdu6CW/4oEdiHf8+rgA+f95u3zd87sd5klRHiON4fi0EQtGGDWY
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: afJlomQPGbfSkjrss9ClMiKmZKHc19tc8Df1SD0AztPl83FJ70T2Rpb0IQX4Dhbn7NhJOfr8h46QNqBgNshccwjXf2gCEljkAfgSNyQHmq14JrGZnDzcjvBeRtzKspE22DJG8bms+4crTGKhm+2kogaVVuyvQRVQL/iP0R1QFUOLm570xOA4b9QlcWQb3FCtLTGz29rl0stuSgZU9x50i2H5RjMrAkYxHomQzw/EiPMtD+J/5cxehuzmnSKzJncEfTOCUuqMiAb0/k8XqXAvFwzaHQ4wK6TDazUPYCNSSTd4kSWdKAKD0GR6AgtHHz6Pz9XxlT4CrhfZDMaw355KSPmLsUdS5ejHWcHZcSJUMRtxbDgrMpRs2/BbObT6JQSucTjA2XsYgkMHalXVmKfiPyNRe9FDCm1GS4TWlhnX8dc=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Mar 2019 01:00:01.3028 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ab53b3cb-2c88-4be3-714e-08d69de13bd7
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR01MB4851
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/DYB5wL9TJ3-taofMyhyxbLtKxWE>
Subject: Re: [nfsv4] Thinking about an RFC5661bis.
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2019 01:00:08 -0000

On Thu, Feb 28, 2019 at 09:37:28AM -0500, David Noveck wrote:
> A number of review comments regarding draft-ietf-nfsv4-mv1-msns-update have
> raised the issue of a possible bis document for NFSv4.1.   These range all
> the way from those assuming that mv1-msns-update is a stepping stone on the
> way to the bis document, which I agree with, to those that are asking us to
> explain why we haven't already done that.   I will have to respond to that
> latter comment, but I'm hoping to delay that until after the telechat.

Thanks for starting this thread.  Since I am reading already...

> In any case, it seems that we have accumulated enough changes to and issues
> with RFC5661 that we need to start thinking about producing a bis
> document.  These include:
> 
[...]
> 
> The joker in this particular pack is the Security Considerations section.
>  While we have to address the Security Directorate's notorious, "collection
> of random observations" comment, I think we need to do so in a way that is
> compatible with the expected draft-nfsv4-rpc-tls (hint, hint), even though
> we want to be able to publish without waiting for rpc-tls to become an
> RFC.  While draft-cel-rpc-tls-02 states that use of AUTH_SYS is currently
> "discouraged" and that is a fair summary, I don't think RF5661 ever does
> that explicitly.   It may be that we will need to explicitly discourage use
> of AUTH_SYS  in an rfc5661bis (without, I hope, going so far as "SHOULD
> NOT").  I think we need to frame the discussion around the three big

It will be interesting to see what the text around that looks like --
starting from just the Internet threat model of RFC 3552 it's hard for me
to imagine that behavior like AUTH_SYS would be anything other than "SHOULD
NOT".  But please to not take this as trying to discourage you from trying,
and rather as a chance to educate the security folk.

> security deficits present using AUTH_SYS in the clear (exposing your data
> to prying eves, using  data that has traversed the newtwork without
> integrity protection, acting on unauthenticated requests) and not on the
> use of AUTH_SYS per se.  If we do this, we can publish and implement

Dividing things into risks and countermeasures is usually a good strategy,
rather than focusing specifically on mechanisms, yes...

> rpc-tls without needng to further deal with the security considerations
> section of the NFSv4.1 spec.

...since once you start talking about *properties* of the protocol
components, it's easier to slot different backends into place, provided
that they provide the same (or better) properties.

-Ben

v2.23.0 | Report a Bug | By Email