Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integrity-measurement-03.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Thu, 08 November 2018 17:03 UTC

From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: Chuck Lever <chuck.lever@oracle.com>
CC: NFSv4 <nfsv4@ietf.org>
Date: Thu, 08 Nov 2018 17:03:47 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/IzSBwgyWLLG1Wh97NKJhw0atlXo>

Hi Chuck, just one point.

On 11/8/18, 11:54 AM, "Chuck Lever" <chuck.lever@oracle.com> wrote:

    >    This means _any_ change
    >    to the content between the time it is generated and the time it
    >    is used can be detected.
    >
    >And detected by only these special tools.
    
    No, the FPI is evaluated by the provenance assessor before each
    access of the file.

Perhaps you could clarify this architecture.  The menagerie of tools that would be modified, this provenance assessor--what is the architecture of the system in which these tools exist?  Is the "provenance assessor" part of the presumed OS on the NFS client?  Is it active when I read a file with the menagerie (e.g., "cp")?  At backup time?  I assume that it will be active when I want to edit the content of a source file, or execute a binary executable file.

		Craig