[nfsv4] Fwd: SecDir Review of draft-ietf-nfsv4-labreqs
spencer shepler <spencer.shepler@gmail.com> Sat, 02 November 2013 15:10 UTC
Return-Path: <spencer.shepler@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8CA421F9D7B for <nfsv4@ietfa.amsl.com>; Sat, 2 Nov 2013 08:10:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.372
X-Spam-Level:
X-Spam-Status: No, score=-102.372 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SARE_SUB_OBFU_Q1=0.227, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0r8KqOyxdm+O for <nfsv4@ietfa.amsl.com>; Sat, 2 Nov 2013 08:10:11 -0700 (PDT)
Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) by ietfa.amsl.com (Postfix) with ESMTP id 1405821E80C1 for <nfsv4@ietf.org>; Sat, 2 Nov 2013 08:10:08 -0700 (PDT)
Received: by mail-pa0-f42.google.com with SMTP id kp14so5258626pab.15 for <nfsv4@ietf.org>; Sat, 02 Nov 2013 08:10:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=FYmdGK5d4ICoF33blEqMrBw906JjKj7IEQdlXo79DJA=; b=d97bRhkBB21y+Vk2UGE/AvlKgXNN7etwuEDMzUhvqB1m94jJwvfVW4PvRdDi0t58Zi fSQSo4V90qBnYMnCYYls/oh90iuTYPqGH1yS1ed2TQzvD+yockYGynHLdd+HmhpJckOS 7NqEeuSDivTew1Q5k5VQZN3YKDTxeP4LLnWkVnEBjnATiDe+6BDEvyTjjQSiOHoIC694 gdqHkvgWGMC1Lx51e66twffHGABLX9+HuY3mnV5desRMMJ3ml03fWPajSzmsi/jy7/Xn Hjf9ZdQkD1DHZmBrFGDyDxesKVqMbnsV9HQefomAk+wY4HQsMpGhZZdlSFVMQq++XNOY fHDg==
MIME-Version: 1.0
X-Received: by 10.68.190.103 with SMTP id gp7mr8553004pbc.74.1383405007709; Sat, 02 Nov 2013 08:10:07 -0700 (PDT)
Received: by 10.68.122.230 with HTTP; Sat, 2 Nov 2013 08:10:07 -0700 (PDT)
In-Reply-To: <FF6A9891-728D-4688-BE3D-663A2C1DF362@checkpoint.com>
References: <FF6A9891-728D-4688-BE3D-663A2C1DF362@checkpoint.com>
Date: Sat, 02 Nov 2013 08:10:07 -0700
Message-ID: <CAFt6Bam+JUvMTj8Bxqa44CeQczMKcDf4U56REp021YBvFUxF5Q@mail.gmail.com>
From: spencer shepler <spencer.shepler@gmail.com>
To: "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="e89a8ff1c68a10abb304ea3314d2"
Subject: [nfsv4] Fwd: SecDir Review of draft-ietf-nfsv4-labreqs
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Nov 2013 15:10:12 -0000
FYI ---------- Forwarded message ---------- From: Yoav Nir <ynir@checkpoint.com> Date: Sat, Nov 2, 2013 at 5:29 AM Subject: SecDir Review of draft-ietf-nfsv4-labreqs To: "<secdir@ietf.org>" <secdir@ietf.org>, The IESG <iesg@ietf.org>, " draft-ietf-nfsv4-labreqs.all@tools.ietf.org" < draft-ietf-nfsv4-labreqs.all@tools.ietf.org> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments ust like any other last call comments. Short version: I think the draft is ready. This draft is intended to be Informational. It does not specify any standard. Instead, it describes the operating environment and assumptions behind labeled NFS. Labeled NFS associates labels with resources (usually files) and processes, where the resources reside on a file server, while the resources run on a client. Such labels (Multi-Level Security is but one example) are then used as a basis for policy decisions. The draft is intended for people not familiar with NFS, and does a good job of explaining the different scenarios. For example, with a limited server, it is up to the client to decide about authorization for accessing resources, and the server functions solely as a store. This model is surprising to people familiar with, for example, web servers, where the resources are considered to belong to the server, and it is up to the server to make authorization decisions. Other NFS servers, called "MAC-functional" have authorization decisions on both client and server. I found the draft to be well-written and informative. I have a few comments, but I consider none of them show-stoppers: - The introduction has this text: "DAC systems offer no real protection against malicious or flawed software due to each program running with the full permissions of the user executing it.". Put like that, this sentence is inflammatory. Discretionary Access Control protects you against unauthorized users running malicious software. It just doesn't protect against "good" users being tricked into running bad software. - Section 3.3 uses the term "opaque". This is a surprising term, considering this sentence about the opaque component: "The LFS component provides a mechanism for identifying the structure and semantics of the opaque component." So it's not really opaque, is it? The term "opaque" is commonly used when the data is unparseable by the participants in the protocol. Here, the client and a MAC-functional server can parse this data just fine. - I think the security considerations is missing some text on what additional security is needed in the case of a limited server that only stores the information. Something should protect the data so that client A's data is not served to client B, even if client B is malicious. Yoav
- [nfsv4] Fwd: SecDir Review of draft-ietf-nfsv4-la… spencer shepler