Re: [nfsv4] I-D Action: draft-ietf-nfsv4-rpc-tls-01.txt

David Noveck <davenoveck@gmail.com> Tue, 16 April 2019 17:09 UTC

To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/IGFjPD5PWrqucrslSLbuzM2rBFE>

I'm confused by the addition of the word "opportunistically" in the
abstract. This document defines an important way of providing security to
RPC-based protocols such as NFSv4, so as to deal with the very real
security problems that these protocols have. While these facilities can
only be used when both the client and the server provide support, I don't
think that fact alone makes the use of these facilities "opportunistic".
What exactly is this word intended to imply?

On Mon, Apr 15, 2019 at 1:48 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Network File System Version 4 WG of the
> IETF.
>
>         Title           : Remote Procedure Call Encryption By Default
>         Authors         : Trond Myklebust
>                           Charles Lever
>         Filename        : draft-ietf-nfsv4-rpc-tls-01.txt
>         Pages           : 17
>         Date            : 2019-04-15
>
> Abstract:
>    This document describes a mechanism that opportunistically enables
>    encryption of in-transit Remote Procedure Call (RPC) transactions
>    with minimal administrative overhead and full interoperation with ONC
>    RPC implementations that do not support this mechanism.  This
>    document updates RFC 5531.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-nfsv4-rpc-tls-01
> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-rpc-tls-01
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-rpc-tls-01
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/