Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Thu, 27 September 2018 16:09 UTC

From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: Chuck Lever <chuck.lever@oracle.com>, Bruce Fields <bfields@fieldses.org>
CC: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Fb28HWkNz2k9DMIOCo5VMqq5POc>

This exact issue needs to be discussed in the draft--whether it makes sense for clients/servers that don't a priori recognize the "file provenance" information to reject the communication, and how.  Should non-recognizing servers store the information blind?  Or should they reject such files?

Essentially, the draft seems to imply that there's a well-understood way that some community of file handlers has of describing file provenance.  Instead of explaining what that is, the author(s) of the draft simply want to standardize a way of describing data that is otherwise opaque.  The draft gives no information, to my reading, on how to construct an appropriate file-provenance blob of bits, or on what a formatted blob of bits would mean.

Let's say that there are multiple communities that all are composed of people that understand some formatting scheme.  How should they interact?  How would I (a file server) take a blob from community A and present it in a way that community B would understand?  Or is this formatting scheme to remain opaque forever?

We had an analogous tussle many years ago with the "8-bit-transparent" file name stuff.  One community wanted NFS to simply save file names in their full 8-bit form, without interpretation.  That's fine as long as everybody who sees a given name knows how to interpret it.  (This was in the days before UTF-8 or its analogues; we had a lot of localized character sets that people wanted to use verbatim.)  Thank heavens that we no longer have that particular fight.  But this draft feels analogous: it apparently wants NFS to store and retrieve "provenance" blobs without altering them, saying that they have meaningful semantics, but without explaining what those semantics are.

		Craig Everhart



On 9/27/18, 11:32 AM, "nfsv4 on behalf of Chuck Lever" <nfsv4-bounces@ietf.org on behalf of chuck.lever@oracle.com> wrote:

    The consequences of not recognizing the file provenance information
    are not dire. In those cases, clients simply don't allow access to
    the file's content, and the implementations are free to report to
    the administrator that the FPI format is not recognized.
    
    Would it help to state that in the draft?