IETF Logo Mail Archive

Re: [nfsv4] Potential erratta for RFC7931

David Noveck <davenoveck@gmail.com> Mon, 03 October 2016 23:21 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69067129413 for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 16:21:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0gljRoF7DeGY for <nfsv4@ietfa.amsl.com>; Mon, 3 Oct 2016 16:21:19 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6EC621293EE for <nfsv4@ietf.org>; Mon, 3 Oct 2016 16:21:19 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id d132so15791833oib.2 for <nfsv4@ietf.org>; Mon, 03 Oct 2016 16:21:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=AZ/BmhSLrJW1ITclp1YVNPz/++67QKP+G/1lGDWMOZw=; b=E7nIZd4LsnlugM7ccdb81iGdn1gyp7BU/PJBPGCP3XHkCYJiaGnGf9q2yAKgDzapfA FNmISjd1wyY0q/6kigLslphdiC6zPwQ8E002AJYOGr0o/1l0jOkx7lTO9GRiFLS2YEW+ Jn7choEqrD/Bv9uSSLDUKimGT8t5+usvy9a/dHOdT45Hn0nnpjbkm3q85KTO84jzQZ4M NEXXEInN8KT0WJhBEcP9sLGHqmNSkXBoKaubrpoP3XgU4KTqlr+i9+xIU9luNCxjZA20 aHDp+H9EphZbxgHM4rmmM1wjB9COUSRsOmGsx21Gbn3xWI2k0sWDvfa6ldxzS2YKzrIR YfYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=AZ/BmhSLrJW1ITclp1YVNPz/++67QKP+G/1lGDWMOZw=; b=BHWtAQonWV81wUbwLwnPxfzjDIbn+rSI2WASQTCyVvdIW9qwr4M1wJ3Ui0b4PdlynY HOzKlDkeKr0ya8ieVg1QJ4itOvS1s9N57X8JnObeUZNFDYhj+XvxkzWYoMf08yTBAheO 8rdodaEa97294PIydEUfE4jNh0hRgg2EGyeVGhuhqy4oeGo1GwHk8UICG79OfoMW2JU0 BNVbHnx3P4hrYQAjIwsMygrycCZ3mgYvekkP1SBC9iZ8xXbtsMhRoAJzcyUHA1RSvJ4C LhHbcyk+ovgV8fmb37yRQaHoGZvvppQct2U9s5aS8DWZqeGwGgKg7yBdxWwgUUanRtp6 iv/g==
X-Gm-Message-State: AA6/9RkgcLlFYw6RLXVebZwUGnBqZTJN4GUhTXdFO5aotxe0TpJeT0Z3EJamZcQUmriw/Y+V/p/KJpeD3a0cjA==
X-Received: by 10.157.63.33 with SMTP id m30mr367866otc.156.1475536878851; Mon, 03 Oct 2016 16:21:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.107.77 with HTTP; Mon, 3 Oct 2016 16:21:18 -0700 (PDT)
In-Reply-To: <20161003151158.GE3324@fieldses.org>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org>
From: David Noveck <davenoveck@gmail.com>
Date: Mon, 03 Oct 2016 19:21:18 -0400
Message-ID: <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com>
To: Bruce Fields <bfields@fieldses.org>
Content-Type: multipart/alternative; boundary="001a11471970845c83053dfe33b7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/ILHXr-8y_hnEKLDxhNzGY-xRDTI>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 23:21:21 -0000

> Nit: I believe your argument was that one repeat was sufficient. > If that's
the case, let's say that.

Good point.  See the replacement paragraph below

> And the bottom of p. 24 also needs an update: "Note also that
> the callback update procedure can be repeated multiple times
> to reduce the probability of further spurious matches."

That's already within the replaced paragraph.

The new proposed replacement paragraph is as follows:

Although the NFSv4.0 specification requires the server to make sure that
such verifiers are very unlikely to be regenerated, different servers may
use the same approach to the construction of such verifiers, raising the
probability that two distinct servers might inadvertently assign the same
verifier value. The fact that the servers in question have assigned the
same clientid4 may raise this probability.  In order to guard against the
possibility that such assignments might cause two distinct

servers to be incorrectly considered the same, the SETCLIENTID procedure
mentioned above needs to be repeated at least once.  Repeating the
procedure once  is
sufficient to ensure that the successive confirm values SCn, SCn'
 generated by these repeated SETCLIENTID operations cannot all collide with
a verifier previously received by the client when communicating with IPn.


On Mon, Oct 3, 2016 at 11:11 AM, Bruce Fields <bfields@fieldses.org> wrote:

> On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote:
> > Although the NFSv4.0 specification requires the server to make sure that
> > such verifiers are very unlikely to be regenerated, different servers may
> > use the same approach to the construction of such verifiers, raising the
> > probability that two distinct servers might inadvertently assign the same
> > verifier value. The fact that the servers in question have assigned the
> > same clientid4 may raise this probability.  In order to guard against the
> > possibility that such assignments might cause two distinct
> >
> > servers to be incorrectly considered the same, the SETCLIENTID procedure
> > mentioned above needs to be repeated at least once.
>
> Nit: I believe your argument was that one repeat was sufficient.  If
> that's the case, let's say that.
>
> And the bottom of p. 24 also needs an update: "Note also that the
> callback update procedure can be repeated multiple times to reduce the
> probability of further spurious matches."
>
> I'd update it to something like: "The callback update procedure must
> then be repeated one more time".
>
> > This will ensure that
> > the sucessive confirm values SCn, SCn'. SCn'' generated by these repeated
> > SETCLIENTID operations cannot all collide with a verifier previously
> > received by the client when communicating with IPn.
> >
> > Comments?
>
> I think that's correct, and it's a minimal change, and therefore maybe
> it's the right thing for errata.
>
> It bugs me that the only client I've looked at does something different
> and much simpler.
>
> After receiving the SETCLIENTID with a clientid matching an established
> one, the modified RFC7931 requires, if I have it right:
>
>         1. SETCLIENTID_CONFIRM to the new server.
>         2. SETCLIENTID to the old server.
>         3. SETCLIENTID_CONFIRM to the new server.  And with this fix:
>         4. SETCLIENTID to the old server.
>         5. SETCLIENTID_CONFIRM to the new server.
>
> Whereas the Linux client needs only:
>
>         1. SETCLIENTID_CONFIRM to the old server.
>
> And that works just as well.  (The existing Linux client has the same
> bug, but that is fixed with just a single if statement and no more
> round trips.)
>
> So at some point I'd hope we can document this, as 1) it's actually
> being used by a major client so people need to know about it, 2) it's
> easier to implement and analyze.
>
> --b.
>

v2.23.0 | Report a Bug | By Email