IETF Logo Mail Archive

Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt

Tom Talpey <ttalpey@microsoft.com> Wed, 03 April 2019 16:46 UTC

Return-Path: <ttalpey@microsoft.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF20A1200B6 for <nfsv4@ietfa.amsl.com>; Wed, 3 Apr 2019 09:46:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXght3rq0lST for <nfsv4@ietfa.amsl.com>; Wed, 3 Apr 2019 09:46:26 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780121.outbound.protection.outlook.com [40.107.78.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73812120046 for <nfsv4@ietf.org>; Wed, 3 Apr 2019 09:46:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=Nj8YTjEujMN87BBk1SXbnGlczsN+gnIDr2Aq3k7tlGE80tpbrAZcy+mGpQcvHwy8JcpWFfEO5EJJQJDE/4x+ufdauTzptAaU1P6Exs0I/TmE1dLuRLFbCYmt9QhY/iD69At5rqzvnL0qAWo4y+v8MMcdvnAjVkszkXkPuG22Zbg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O04hbABwwAlSOGNgnd2U/IbC3JckdJzEna9GN5eZSwU=; b=JPECvhN6JuvEmjn5BkbhrM+A14XSKM9nmLih755OPIBDtzXN/lMmKfp7pysC8o2goTExbOF6VXMwzk5j521EGJgVK7rvTcSSf16kQCUT01aXMOZj9jHenomfmiQ7tDZ96xpLbL85aGJo8pTQvsQrQN4VH6qZKhEakihEIsQLk5I=
ARC-Authentication-Results: i=1; test.office365.com 1; dmarc=none action=none header.from=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O04hbABwwAlSOGNgnd2U/IbC3JckdJzEna9GN5eZSwU=; b=oYDFfTiebGCB146hE8soDhdPBEfiqcFvxO4XM98AMfrpt579B26xMhnS0j8oMlIHpGoG2zlICglU8O10+eRlnkjtxMF6qQgX8CvDpvfPQqp9kj23CWC8td5qaNibJd0/X5KrIRPvFIx5WX2XyJXsqhAGXa9HwJYGiocaCcjvdQY=
Received: from SN4PR2101MB0736.namprd21.prod.outlook.com (10.167.151.155) by SN4PR2101MB0733.namprd21.prod.outlook.com (10.167.150.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.3; Wed, 3 Apr 2019 16:46:24 +0000
Received: from SN4PR2101MB0736.namprd21.prod.outlook.com ([fe80::804d:6cd0:c000:791c]) by SN4PR2101MB0736.namprd21.prod.outlook.com ([fe80::804d:6cd0:c000:791c%3]) with mapi id 15.20.1771.003; Wed, 3 Apr 2019 16:46:24 +0000
From: Tom Talpey <ttalpey@microsoft.com>
To: Olga Kornievskaia <aglo@umich.edu>, Chuck Lever <chuck.lever@oracle.com>
CC: NFSv4 <nfsv4@ietf.org>
Thread-Topic: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
Thread-Index: AQHU4+Vn/M2YRfR8/UyeHEaGBO4iYKYeF5yAgAAD8ICAAAB/gIAAFWuAgAABC8CAA0J/gIAAUK5QgADm6gCABNVBAIAAHSqAgAAtD4CAACkFAIABA8QAgAANNwCAAaI/AIAABEkw
Date: Wed, 03 Apr 2019 16:46:24 +0000
Message-ID: <SN4PR2101MB07367258FD135D306AAC72FAA0570@SN4PR2101MB0736.namprd21.prod.outlook.com>
References: <154264272736.5235.8955444239583271708.idtracker@ietfa.amsl.com> <CO2PR0601MB7597A7490C43DAE5A3268E6B5D80@CO2PR0601MB759.namprd06.prod.outlook.com> <39802AA5-3F70-48C7-824B-CAC0FB871016@oracle.com> <CADaq8jc82bfxpjxz_f6Uy-4c0yazJujOrKo+TejPkx-q6qq_3Q@mail.gmail.com> <1480794517.422703.1553504031783.JavaMail.zimbra@desy.de> <4F7BC6A0-50F9-47BC-8465-28833835E7F6@oracle.com> <1119874674.601037.1553546666143.JavaMail.zimbra@desy.de> <946EFDD8-F04D-49CD-A1C8-D8E8A6D5EE35@oracle.com> <2020506870.740381.1553612716598.JavaMail.zimbra@desy.de> <CAN-5tyGggDUe2DNSjRc6vAyXgGo4LVwYVK5zmTOyr0soPFVKrQ@mail.gmail.com> <3705AA25-10DF-43BF-BE1D-B0BE27F705DE@eggert.org> <0E00BED9-74D4-4594-A7AC-FCD624461DD7@eggert.org> <880CC259-A82A-401F-A81D-5FCD6A9758B3@oracle.com> <SN4PR2101MB0736EF7A385F5D95107D4118A05F0@SN4PR2101MB0736.namprd21.prod.outlook.com> <3A634328-B190-473B-A6D7-C5878CC2654B@oracle.com> <SN4PR2101MB073663820F28F2AAA8766E38A05A0@SN4PR2101MB0736.namprd21.prod.outlook.com> <D43B092E-03D1-470F-AF57-1E9416E8518E@oracle.com> <CAN-5tyFU_9v=OQcvEfkC-YLJZTEenRyNa67YPJBBnNG8g0EsTQ@mail.gmail.com> <1362131D-77D7-4BF0-AD50-9B775508F439@oracle.com> <CAN-5tyEReyhjJn60QtqS4amMtz8B1W6Z7qpoXKWZLDeK2k0CYQ@mail.gmail.com> <BA8346C3-F491-42B6-8059-6DDAE52C58BA@oracle.com> <CAN-5tyEwvjSD59XhKdqshN3F57avh=3uOGjOCE5vf8R4u2FA4Q@mail.gmail.com> <C7FFE084-0192-40F1-929D-E9DA1F4BBAE7@oracle.com> <CAN-5tyFAJ6fN6GHz8Ecr3i6aQV+wGqvbdStqxruMs6Pw+Dppaw@mail.gmail.com>
In-Reply-To: <CAN-5tyFAJ6fN6GHz8Ecr3i6aQV+wGqvbdStqxruMs6Pw+Dppaw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=ttalpey@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-04-03T16:46:22.4976145Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=05526d04-45c5-49b5-bf8c-b322cff1de17; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ttalpey@microsoft.com;
x-originating-ip: [2601:18f:981:12f8::1003]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f9d867a4-5a4a-4ab0-52b7-08d6b853e8f6
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN4PR2101MB0733;
x-ms-traffictypediagnostic: SN4PR2101MB0733:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN4PR2101MB07331DDF43EE42CC198E2D33A0570@SN4PR2101MB0733.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4125;
x-forefront-prvs: 0996D1900D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(366004)(376002)(396003)(346002)(39860400002)(13464003)(189003)(199004)(40224003)(6436002)(30864003)(53946003)(97736004)(6306002)(9686003)(186003)(476003)(11346002)(446003)(5660300002)(14454004)(8676002)(2906002)(2171002)(68736007)(6246003)(53936002)(86362001)(52536014)(8990500004)(10090500001)(8936002)(55016002)(229853002)(102836004)(53546011)(106356001)(6506007)(76176011)(99286004)(486006)(22452003)(105586002)(71190400001)(7696005)(86612001)(71200400001)(33656002)(6116002)(305945005)(74316002)(25786009)(966005)(478600001)(14444005)(46003)(93886005)(256004)(81166006)(10290500003)(4326008)(316002)(7736002)(110136005)(15650500001)(81156014); DIR:OUT; SFP:1102; SCL:1; SRVR:SN4PR2101MB0733; H:SN4PR2101MB0736.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: kCLSCoZz2fMUkj/hihYhxLVxocwAs+cntAKxcw3gGRQwId7/t7tRVJFR3uCJp+7Wz8Rrg5oBG1zE2BrAuE4V+AD94alNavl9bZ0Yb0gFo2mDcikrZQhLqR4Knuh7ETcS4CYe1b8Y4o9bhf6l+Z3HuZ/lY4U+JOgJLm/atJokrFwJQD3QiENR0UIBtPWDuEXtC1UzH0BX9iXqYAdbVmq29IG0rF5yiz97YMSfqTpNduBmzM74xwcug1taFTFARWCRBEipwxxmjwYz6ZzkSczygPm6wMOaaNcFsbDP6pEwu2B9UCP65HmSQClB49ferIMXHYI3dvcSzxLZ+9lF/8jH3dVVK7VnQ0/9OL6r2l1EsSz+a/ozlue5+Aw1PUFoTpi969fLye7Jhs54QF8dbdP//3PZF+i+EvJZBgDU0ys1IJ0=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f9d867a4-5a4a-4ab0-52b7-08d6b853e8f6
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2019 16:46:24.8804 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR2101MB0733
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/I3RNeOLXfwnyg5x8JnTDhF1U1Js>
Subject: Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 16:46:31 -0000

> -----Original Message-----
> From: nfsv4 <nfsv4-bounces@ietf.org> On Behalf Of Olga Kornievskaia
> Sent: Wednesday, April 3, 2019 12:13 PM
> To: Chuck Lever <chuck.lever@oracle.com>
> Cc: NFSv4 <nfsv4@ietf.org>
> Subject: Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
> 
> On Tue, Apr 2, 2019 at 11:15 AM Chuck Lever <chuck.lever@oracle.com>
> wrote:
> >
> >
> >
> > > On Apr 2, 2019, at 10:28 AM, Olga Kornievskaia <aglo@umich.edu> wrote:
> > >
> > > Hi Chuck,
> > >
> > > First of all I apologizes for reading an out-dated version of the draft.
> > >
> > > There are still several things I disagree with and some questions that I have:
> > >
> > > 1. Encryption offload. I think it's unfair to list this as a benefit
> > > of switching to TLS from tradition encryption methods. TLS adds a very
> > > costly operation (public key encryption) which to reduce the impact on
> > > performance needs to leverage things like offload engines. The same
> > > link talks about how all modern CPUs have hardware support for
> > > symmetric key ciphers like AES which speeds things up. In my opinion,
> > > this list item should be removed.
> >
> > TLS offload actually exists. GSS does not give us any practical
> > path for offloading encryption and decryption. If an example of
> > a commodity part that provides GSS offload can be identified,
> > I'll consider removing this bullet.
> >
> >
> > > -- what's a transient client?
> >
> > An example is a guest's laptop.
> >
> >
> > > 2. "Per-client deployment and administrative costs are not scalable"
> > > (I'm assuming it means deploying keytabs). Yet the spec is talking
> > > about the use of host certificates. If existing design is not scalable
> > > so will the design with host certificates (or user certificates) as it
> > > requires the same deployment. In my opinion, this bullet should be
> > > removed (and so it the 3rd list item that talks about CPU cost of
> > > encryption).
> >
> > Certificates on RPC clients are optional. In deployment scenarios
> > that don't provide client certificates, administrative cost is
> > lower.
> 
> Sure, but then please add explicitly to the 4.2.2 (mutual
> authentication) that this mode adds to the deployment cost making it
> equivalent to the existing GSS model.
> 
> > I'll change the bullet to refer to "clients" instead of "host
> > systems".
> >
> >
> > > 3. Section 4.2.3 "Advanced forms of RPC authentication". I'm surprised
> > > to see this here because of the wording in Section 1. Specifically it
> > > says: "An alternative approach is to employ transport layer security
> > > mechanism". Here alternative was to the GSS mechanism which was listed
> > > as "hard to use". So nowhere was there a talk that TLS connection can
> > > be used with a GSS mechanism. Is this section suppose to be about the
> > > fact that RPCSEC GSS besides authentication also provides an encrypted
> > > connection? Then I think the section title should be changed to
> > > "RPCSEC GSS secure connection establishment"?   This section,blurs the
> > > lines of RPC identify authentication via GSS identities and the TLS
> > > authentication. In previous two section, it wasn't discussed what kind
> > > of RPC authentication would happen on top of the TLS connection. I
> > > think this whole section should be removed. Because it basically says
> > > there is no need to use GSS privacy/integrity since underlying TLS
> > > connection already provides that and since TLS is suppose to be
> > > alternative to GSS so why combined it.
> >
> > We have to discuss the use of channel binding somewhere, and
> > we have to discuss the double host authentication because TLS
> > has a host authentication step and so does GSS. I don't see any
> > discussion of user authentication here.
> 
> I would have re-organized this to be something like:
> 
> 4.2 Establishing an end-to-end encrypted channel
> same paragraph as before about providing a transparent end-to-end
> encrypted channel for the RPC operations.
> 4.2.1 TLS server-only authentication
> (same as before)
> 4.2.2 TLS mutual authentication
> (same as before)
> 4.3.3 Role of the RPCSEC GSS integrity and privacy services
> Here talk about redundancy of using GSS services on top of TLS.
> Channel binding would go here.
> 
> 4.3 RPC authentication on top of an encrypted channel
> Here talk about how any of the existing methods (AUTH_SYS, GSS) can be
> overplayed on top of the encrypted channel.

Olga, I support this approach but would like to suggest it also explore the
inter-relation of existing RPC authentication methods with TLS. For example,
if per-user keys (obtained from the auth itself) are used to secure the TLS
channel, rather than the more usual machine-wide ones.

In addition there are implications on trunking and multiplexing of traffic,
and under what conditions traffic destined for a TLS channel can be redirected
and/or retried . For example, if GSS privacy is "downgraded" once a TLS channel
binding is established, then any trunked connections cannot be used until and
unless a similarly-protected TLS association is obtained on them as well. This
gets especially hairy in reconnection/retry scenarios.

Tom.

> > I'll change the section title.
> >
> >
> > > 4. Section 5 is about TLS authentication and PKI identities. I find it
> > > confusing the use of RPC client. RPC client has RPC identities from
> > > the RPC RFC. Should we use TLS client here instead?
> > >
> > > -- what is a TLS identifier? If it's defined in the TLS spec can we
> > > either copy a definition or provide a reference for it?
> >
> > I'm looking for a generic term that encapsulates certificate,
> > PSK, or token binding to mean the identity of the peer host.
> > Anyone know of a appropriate term to use for that?
> 
> Sorry more question about section 5 "TLS peer authentication".  Is the
> purpose here to describe how a server would authenticate the client or
> how the client authenticates the server (or both). I think the
> intention to handle "both". So if this section applies to both side
> then the use "RPC client is uniquely identified by tuple" to me reads
> to only apply to the RPC client. If this suppose to apply to both then
> "TLS peer" maybe used? If this is suppose to be talking about just one
> side authentication (whatever side that is), then why another side is
> excluded (again I think it is both). Some of the bullets talk about
> requirements for server authentication, but then there is wording that
> server can deny
> 
> Also, for the "pre-shared" keys section can we add a reference to
> RFC8446 section 2.2 otherwise there isn't much context here. Though I
> feel that this draft was about making deployment easier so the cost of
> pre-sharing the keys is like going backwards.
> 
> 
> > > -- If an (RPC/NFS) server suppose to make decisions about executing an
> > > RPC/NFS request based on the PKI identify shouldn't there be a talk
> > > about how to map the PKI identify into the NFSv4 identify?
> >
> > RPC over TLS is strictly about encryption at the RPC layer. It
> > has nothing to do with the RPC user, and NFSv4 has no awareness
> > that TLS is in use at the transport layer.
> >
> > The server may determine whether to accept or reject a connection
> > request based on the client's identity. That identity is not used
> > to authorize individual RPC requests.
> 
> >
> >
> > > other comments in-line.
> > >
> > > On Mon, Apr 1, 2019 at 6:58 PM Chuck Lever <chuck.lever@oracle.com>
> wrote:
> > >>
> > >>
> > >>
> > >>> On Apr 1, 2019, at 4:31 PM, Olga Kornievskaia <aglo@umich.edu> wrote:
> > >>>
> > >>> On Mon, Apr 1, 2019 at 1:50 PM Chuck Lever <chuck.lever@oracle.com>
> wrote:
> > >>>>
> > >>>> Olga, thanks for your comments.
> > >>>>
> > >>>>
> > >>>>> On Apr 1, 2019, at 12:06 PM, Olga Kornievskaia <aglo@umich.edu>
> wrote:
> > >>>>>
> > >>>>> Comments about the draft-1 and section 4.3 Authentication.
> > >>>>>
> > >>>>> 1. Why is there no option of no client authentication and simply using
> > >>>>> server-side authentication and using AUTH_SYS on top of it (and
> > >>>>> perhaps this is addressed by the 2nd editorial comment in the [] but
> > >>>>> the lack including this as an option bothered me). I think this is the
> > >>>>> most useful option to be considered.
> > >>>>
> > >>>> I quite agree that it is the most useful. I don't see where we are
> > >>>> specifically excluding that option, however.
> > >>>
> > >>> Ok I guess I have issues with wording. That section talks about "host
> > >>> and user authentication". What is "host" here? Is this the NFS server
> > >>> or is this a client machine where a "user" might execute NFS
> > >>> operations? I really hope that "host" means an NFS server and it's the
> > >>> NFS server that will be authenticated via TLS (which means a
> > >>> server-side certificate will be used).
> > >>
> > >> I thought that "host authentication" had an unambiguous meaning.
> > >> It means that the peer host is authenticated.
> > >>
> > >> RPCSEC GSS performs host authentication using the service principals
> > >> on both peers.
> > >>
> > >> With TLS, AIUI, the client can always authenticate the server, because
> > >> the server is required to have an identity (typically a certificate).
> > >> The server can authenticate a connecting client if the client has an
> > >> identity and presents it during the TLS handshake.
> > >>
> > >> I can add "host authentication" and "user authentication" in the
> > >> Terminology section if people feel that would be helpful. Or should
> > >> I use "machine authentication" instead of "host authentication" ?
> > >
> > > With the new organization of the draft I don't have those objections.
> > >
> > >>
> > >>
> > >>> That leads to Option 1 wording.
> > >>> It's not clear which side would used a self-signed certificate and why
> > >>> we right away restricting/suggestion the type of the certificate. I
> > >>> think it would be better to say: "To establish a secure TLS connection
> > >>> at least a server-side PKI certificate is required and can provides
> > >>> server authentication. Statement: "end-to-end encryption is provided
> > >>> client certificate material" ... I don't think that's what end-to-end
> > >>> encryption typically means. I would rather say. "Mutual authentication
> > >>> is provided when client also presents a PKI certification during a TLS
> > >>> handshake." (or something of that sorts).
> > >>>
> > >>> My wording of the options:
> > >>> TLS server-side authentication only with AUTH_SYS identity: To
> > >>> establish a secure TLS connection a server-side PKI certificate is
> > >>> required and provides server authentication (either self-signed or
> > >>> CA-certified certificates can be used). After TLS connection is
> > >>> established, the RPC client uses AUTH_SYS to identify users with the
> > >>> guarantee that the UID and GID values cannot be observed or altered in
> > >>> transit.
> > >>>
> > >>> TLS mutual authentication with AUTH_SYS:  During TLS negotiation, the
> > >>> client identifies itself to the server with a PKI certificate.  As
> > >>> with encryption-only with AUTH_SYS, UID and GID values are well
> > >>> protected.  In addition, the server can use the client's PKI identity
> > >>> to perform additional authorization of this client's requests.
> > >>>
> > >>> TLS server-side authentication only with RPCSEC GSS Kerberos identify:
> > >>> To establish a secure TLS connection a server-side PKI certificate is
> > >>> required and provides server authentication (either self-signed or
> > >>> CA-certified certificates can be used). The RPC client uses Kerberos
> > >>> to identify the client host and its users, but does not request GSS
> > >>> integrity or privacy services as the connection is already secured.
> > >>>
> > >>> TLS mutual authentication with AUTH_NONE:  Each user establishes her
> > >>> own TLS context with the server, identified by a user PKI certficate.
> > >>> There is no need for any additional information at the RPC layer, so
> > >>> the RPC client can use the simplest authentication flavor for RPC
> > >>> transactions.  This configuration is not typical for NFS deployments,
> > >>> but it does enable strong certificate-based user authentication, which
> > >>> is currently not afforded by GSS.
> > >>
> > >> This appears to be based on an outdated version of this document.
> > >> The latest version is here:
> > >>
> > >>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatra
> cker.ietf.org%2Fdoc%2Fdraft-ietf-nfsv4-rpc-
> tls%2F&amp;data=02%7C01%7Cttalpey%40microsoft.com%7C03bbacc8265a4
> 10c140508d6b84f3cf2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7
> C636899047801793678&amp;sdata=rTIELxr2yBE8vluAoCHkmZJXqd%2FwHV%
> 2F2BHblUvSCz3g%3D&amp;reserved=0
> > >>
> > >> I hope Section 4.2 of the latest revision answers your questions.
> > >>
> > >>
> > >>> If by "host" you don't mean the "server" and mean client's machine.
> > >>> And for the server we are not implying that it's OK to use self-signed
> > >>> certificates (which I really hoped we were not suggestion).
> > >>>
> > >>> Then the options I propose should be:
> > >>> 1. TLS server-side authentication + AUTH_SYS user identity: this is
> > >>> the favorable option of no certificates on the client at all and only
> > >>> server is authenticated.
> > >>>
> > >>> 2. TLS mutual authentication with machine certificates + AUTH_SYS user
> > >>> identity . This is where I think a suggestion to use a self-signed
> > >>> certificate can be made (however see my view below that I don't this
> > >>> client-side authentication gains us anything).
> > >>>
> > >>> 3. TLS mutual authentication with user certificates + AUTH_SYS user
> identify
> > >>>
> > >>> 4. TLS mutual authentication with machine certificate + Kerberos user
> identify
> > >>>
> > >>> 5. TLS mutual authentication with user certificates + Kerberos user
> identify
> > >>>
> > >>> 6. TLS mutual authentication with user certificates + AUTH_NONE
> > >>>
> > >>>
> > >>>
> > >>>>> I don't see how adding
> > >>>>> self-signed client certificates adds to the security of the system but
> > >>>>> instead this adds a costly PKI operation that would impact the time it
> > >>>>> takes to establish a secure connection.
> > >>>>
> > >>>> Self-signed certificates allow a form of weak authentication by the
> > >>>> server. At least it can audit which client is connecting. The
> > >>>> discussion of self-signed certs can be removed if it's not something
> > >>>> we want to explicitly commend.
> > >>>
> > >>> In my personal option, adding self-signed (user) authentication
> > >>> provides no benefits as there no attack that it protects from. We are
> > >>> not proposing to use the identity gotten from the client-side of the
> > >>> TLS connection and map it to an nfs4 identity, are we (cue in the SPKM
> > >>> troubles here).
> > >>
> > >> IIRC we eventually decided not to support the use of user certs
> > >> for RPC on TLS.
> > >
> > > I don't think that's true as the Section 5.2 talks it.
> >
> > Where? I see only discussion of the RPC client's identity.
> 
> Section 5.2 says "an RPC client is uniquely identified by the tuple
> .... ie certificate". To me this reads, a client has a user
> certificate.  But this section doesn't talk about the self-signed
> certs.
> 
> >
> >
> > > While there is
> > > definitely a lot more information about what should go into the user
> > > certificate and a concrete PKI identity : "an RPC client is uniquely
> > > identified by the tuple (serial number of presented client
> > > certificate;Issuer)" there is nothing about how to map this to the
> > > NFSv4 identify.
> >
> > That's because the NFSv4 protocol is not aware of the use of TLS.
> > There is no connection between NFSv4 identities and TLS. If a user
> > certificate is employed, it is used strictly for host authentication.
> >
> >
> > --
> > Chuck Lever
> >
> >
> >
> 
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ie
> tf.org%2Fmailman%2Flistinfo%2Fnfsv4&amp;data=02%7C01%7Cttalpey%40mi
> crosoft.com%7C03bbacc8265a410c140508d6b84f3cf2%7C72f988bf86f141af9
> 1ab2d7cd011db47%7C1%7C0%7C636899047801793678&amp;sdata=7gZKwy
> NwPk7KqrbafSfzaFnP%2ByLVknRu0tqIprtpBZc%3D&amp;reserved=0

v2.23.0 | Report a Bug | By Email