Re: [nfsv4] Potential erratta for RFC7931
"J. Bruce Fields" <bfields@fieldses.org> Mon, 03 October 2016 21:01 UTC
Return-Path: <bfields@fieldses.org>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 90626129553 for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 14:01:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.898
X-Spam-Level:
X-Spam-Status: No, score=-4.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T6yM7J4RIR6J for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 14:01:50 -0700 (PDT)
Received: from fieldses.org (fieldses.org [173.255.197.46]) by ietfa.amsl.com (Postfix) with ESMTP id 1D39A129550 for <nfsv4@ietf.org>; Mon, 3 Oct 2016 14:01:49 -0700 (PDT)
Received: by fieldses.org (Postfix, from userid 2815) id A7F7D201C; Mon, 3 Oct 2016 17:01:49 -0400 (EDT)
Date: Mon, 03 Oct 2016 17:01:49 -0400
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Message-ID: <20161003210149.GH3324@fieldses.org>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org> <F37D4338-2D86-4B97-83D0-B0F7BE7B85E4@oracle.com> <20161003153707.GF3324@fieldses.org> <38F410D9-349D-4221-BB14-D2D196FB4EBE@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <38F410D9-349D-4221-BB14-D2D196FB4EBE@oracle.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/HZYSd-8oc_scFZr8TbcWoVKpeTU>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 21:01:51 -0000
On Mon, Oct 03, 2016 at 12:25:30PM -0400, Chuck Lever wrote: > > > On Oct 3, 2016, at 11:37 AM, J. Bruce Fields <bfields@fieldses.org> wrote: > > > > On Mon, Oct 03, 2016 at 11:26:10AM -0400, Chuck Lever wrote: > >> > >>> On Oct 3, 2016, at 11:11 AM, Bruce Fields <bfields@fieldses.org> wrote: > >>> > >>> On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote: > >>>> Although the NFSv4.0 specification requires the server to make sure that > >>>> such verifiers are very unlikely to be regenerated, different servers may > >>>> use the same approach to the construction of such verifiers, raising the > >>>> probability that two distinct servers might inadvertently assign the same > >>>> verifier value. The fact that the servers in question have assigned the > >>>> same clientid4 may raise this probability. In order to guard against the > >>>> possibility that such assignments might cause two distinct > >>>> > >>>> servers to be incorrectly considered the same, the SETCLIENTID procedure > >>>> mentioned above needs to be repeated at least once. > >>> > >>> Nit: I believe your argument was that one repeat was sufficient. If > >>> that's the case, let's say that. > >>> > >>> And the bottom of p. 24 also needs an update: "Note also that the > >>> callback update procedure can be repeated multiple times to reduce the > >>> probability of further spurious matches." > >>> > >>> I'd update it to something like: "The callback update procedure must > >>> then be repeated one more time". > >>> > >>>> This will ensure that > >>>> the sucessive confirm values SCn, SCn'. SCn'' generated by these repeated > >>>> SETCLIENTID operations cannot all collide with a verifier previously > >>>> received by the client when communicating with IPn. > >>>> > >>>> Comments? > >>> > >>> I think that's correct, and it's a minimal change, and therefore maybe > >>> it's the right thing for errata. > >>> > >>> It bugs me that the only client I've looked at does something different > >>> and much simpler. > >>> > >>> After receiving the SETCLIENTID with a clientid matching an established > >>> one, the modified RFC7931 requires, if I have it right: > >>> > >>> 1. SETCLIENTID_CONFIRM to the new server. > >>> 2. SETCLIENTID to the old server. > >>> 3. SETCLIENTID_CONFIRM to the new server. And with this fix: > >>> 4. SETCLIENTID to the old server. > >>> 5. SETCLIENTID_CONFIRM to the new server. > >>> > >>> Whereas the Linux client needs only: > >>> > >>> 1. SETCLIENTID_CONFIRM to the old server. > >>> > >>> And that works just as well. (The existing Linux client has the same > >>> bug, but that is fixed with just a single if statement and no more > >>> round trips.) > >>> > >>> So at some point I'd hope we can document this, as 1) it's actually > >>> being used by a major client so people need to know about it, 2) it's > >>> easier to implement and analyze. > > I don't see any language in RFC 7931 that says "clients MUST use > exactly this algorithm." Thus I feel the algorithm documented in > RFC 7931 is no more than an implementation suggestion, just as > similar sections of RFCs 7530 and 5661 are no more than that. > > Documenting every implementation of trunking detection that doesn't > match what is in that RFC doesn't seem reasonable. > > 1) "people need to know about it" : Is there a particular > interoperability concern you see arising out of the use of the simpler > algorithm? No, that was probably overreach, sorry. Other things being equal, I'd certainly rather we document what's in actually in use, but it's not the end of the world. > 2) "easier to analyze" : there is already analysis in RFC 7931. Is > that analysis inadequate enough to replace it? Is there a substantial > problem with it? I don't know of anything major beyond this one issue. Mainly the algorithm and accompanying analysis are just much more complicated than necessary, which makes it harder to get right. > At this point RFC 7931 is immutable (aside from errata). Unless there > is a significant reason to update that document, I would rather use > the errata approach. Sure, maybe it's too late for a bigger rewrite. --b.
- [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields