Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
Tom Talpey <ttalpey@microsoft.com> Wed, 03 April 2019 16:46 UTC
Return-Path: <ttalpey@microsoft.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF20A1200B6 for <nfsv4@ietfa.amsl.com>; Wed, 3 Apr 2019 09:46:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXght3rq0lST for <nfsv4@ietfa.amsl.com>; Wed, 3 Apr 2019 09:46:26 -0700 (PDT)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780121.outbound.protection.outlook.com [40.107.78.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73812120046 for <nfsv4@ietf.org>; Wed, 3 Apr 2019 09:46:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=Nj8YTjEujMN87BBk1SXbnGlczsN+gnIDr2Aq3k7tlGE80tpbrAZcy+mGpQcvHwy8JcpWFfEO5EJJQJDE/4x+ufdauTzptAaU1P6Exs0I/TmE1dLuRLFbCYmt9QhY/iD69At5rqzvnL0qAWo4y+v8MMcdvnAjVkszkXkPuG22Zbg=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O04hbABwwAlSOGNgnd2U/IbC3JckdJzEna9GN5eZSwU=; b=JPECvhN6JuvEmjn5BkbhrM+A14XSKM9nmLih755OPIBDtzXN/lMmKfp7pysC8o2goTExbOF6VXMwzk5j521EGJgVK7rvTcSSf16kQCUT01aXMOZj9jHenomfmiQ7tDZ96xpLbL85aGJo8pTQvsQrQN4VH6qZKhEakihEIsQLk5I=
ARC-Authentication-Results: i=1; test.office365.com 1;
dmarc=none action=none header.from=microsoft.com;
arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O04hbABwwAlSOGNgnd2U/IbC3JckdJzEna9GN5eZSwU=; b=oYDFfTiebGCB146hE8soDhdPBEfiqcFvxO4XM98AMfrpt579B26xMhnS0j8oMlIHpGoG2zlICglU8O10+eRlnkjtxMF6qQgX8CvDpvfPQqp9kj23CWC8td5qaNibJd0/X5KrIRPvFIx5WX2XyJXsqhAGXa9HwJYGiocaCcjvdQY=
Received: from SN4PR2101MB0736.namprd21.prod.outlook.com (10.167.151.155) by SN4PR2101MB0733.namprd21.prod.outlook.com (10.167.150.161) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.3; Wed, 3 Apr 2019 16:46:24 +0000
Received: from SN4PR2101MB0736.namprd21.prod.outlook.com ([fe80::804d:6cd0:c000:791c]) by SN4PR2101MB0736.namprd21.prod.outlook.com ([fe80::804d:6cd0:c000:791c%3]) with mapi id 15.20.1771.003; Wed, 3 Apr 2019 16:46:24 +0000
From: Tom Talpey <ttalpey@microsoft.com>
To: Olga Kornievskaia <aglo@umich.edu>, Chuck Lever <chuck.lever@oracle.com>
CC: NFSv4 <nfsv4@ietf.org>
Thread-Topic: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
Thread-Index: AQHU4+Vn/M2YRfR8/UyeHEaGBO4iYKYeF5yAgAAD8ICAAAB/gIAAFWuAgAABC8CAA0J/gIAAUK5QgADm6gCABNVBAIAAHSqAgAAtD4CAACkFAIABA8QAgAANNwCAAaI/AIAABEkw
Date: Wed, 03 Apr 2019 16:46:24 +0000
Message-ID: <SN4PR2101MB07367258FD135D306AAC72FAA0570@SN4PR2101MB0736.namprd21.prod.outlook.com>
References: <154264272736.5235.8955444239583271708.idtracker@ietfa.amsl.com> <CO2PR0601MB7597A7490C43DAE5A3268E6B5D80@CO2PR0601MB759.namprd06.prod.outlook.com> <39802AA5-3F70-48C7-824B-CAC0FB871016@oracle.com> <CADaq8jc82bfxpjxz_f6Uy-4c0yazJujOrKo+TejPkx-q6qq_3Q@mail.gmail.com> <1480794517.422703.1553504031783.JavaMail.zimbra@desy.de> <4F7BC6A0-50F9-47BC-8465-28833835E7F6@oracle.com> <1119874674.601037.1553546666143.JavaMail.zimbra@desy.de> <946EFDD8-F04D-49CD-A1C8-D8E8A6D5EE35@oracle.com> <2020506870.740381.1553612716598.JavaMail.zimbra@desy.de> <CAN-5tyGggDUe2DNSjRc6vAyXgGo4LVwYVK5zmTOyr0soPFVKrQ@mail.gmail.com> <3705AA25-10DF-43BF-BE1D-B0BE27F705DE@eggert.org> <0E00BED9-74D4-4594-A7AC-FCD624461DD7@eggert.org> <880CC259-A82A-401F-A81D-5FCD6A9758B3@oracle.com> <SN4PR2101MB0736EF7A385F5D95107D4118A05F0@SN4PR2101MB0736.namprd21.prod.outlook.com> <3A634328-B190-473B-A6D7-C5878CC2654B@oracle.com> <SN4PR2101MB073663820F28F2AAA8766E38A05A0@SN4PR2101MB0736.namprd21.prod.outlook.com> <D43B092E-03D1-470F-AF57-1E9416E8518E@oracle.com> <CAN-5tyFU_9v=OQcvEfkC-YLJZTEenRyNa67YPJBBnNG8g0EsTQ@mail.gmail.com> <1362131D-77D7-4BF0-AD50-9B775508F439@oracle.com> <CAN-5tyEReyhjJn60QtqS4amMtz8B1W6Z7qpoXKWZLDeK2k0CYQ@mail.gmail.com> <BA8346C3-F491-42B6-8059-6DDAE52C58BA@oracle.com> <CAN-5tyEwvjSD59XhKdqshN3F57avh=3uOGjOCE5vf8R4u2FA4Q@mail.gmail.com> <C7FFE084-0192-40F1-929D-E9DA1F4BBAE7@oracle.com> <CAN-5tyFAJ6fN6GHz8Ecr3i6aQV+wGqvbdStqxruMs6Pw+Dppaw@mail.gmail.com>
In-Reply-To: <CAN-5tyFAJ6fN6GHz8Ecr3i6aQV+wGqvbdStqxruMs6Pw+Dppaw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=ttalpey@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-04-03T16:46:22.4976145Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=05526d04-45c5-49b5-bf8c-b322cff1de17; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ttalpey@microsoft.com;
x-originating-ip: [2601:18f:981:12f8::1003]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f9d867a4-5a4a-4ab0-52b7-08d6b853e8f6
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN4PR2101MB0733;
x-ms-traffictypediagnostic: SN4PR2101MB0733:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <SN4PR2101MB07331DDF43EE42CC198E2D33A0570@SN4PR2101MB0733.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:4125;
x-forefront-prvs: 0996D1900D
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(366004)(376002)(396003)(346002)(39860400002)(13464003)(189003)(199004)(40224003)(6436002)(30864003)(53946003)(97736004)(6306002)(9686003)(186003)(476003)(11346002)(446003)(5660300002)(14454004)(8676002)(2906002)(2171002)(68736007)(6246003)(53936002)(86362001)(52536014)(8990500004)(10090500001)(8936002)(55016002)(229853002)(102836004)(53546011)(106356001)(6506007)(76176011)(99286004)(486006)(22452003)(105586002)(71190400001)(7696005)(86612001)(71200400001)(33656002)(6116002)(305945005)(74316002)(25786009)(966005)(478600001)(14444005)(46003)(93886005)(256004)(81166006)(10290500003)(4326008)(316002)(7736002)(110136005)(15650500001)(81156014); DIR:OUT; SFP:1102; SCL:1; SRVR:SN4PR2101MB0733; H:SN4PR2101MB0736.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: kCLSCoZz2fMUkj/hihYhxLVxocwAs+cntAKxcw3gGRQwId7/t7tRVJFR3uCJp+7Wz8Rrg5oBG1zE2BrAuE4V+AD94alNavl9bZ0Yb0gFo2mDcikrZQhLqR4Knuh7ETcS4CYe1b8Y4o9bhf6l+Z3HuZ/lY4U+JOgJLm/atJokrFwJQD3QiENR0UIBtPWDuEXtC1UzH0BX9iXqYAdbVmq29IG0rF5yiz97YMSfqTpNduBmzM74xwcug1taFTFARWCRBEipwxxmjwYz6ZzkSczygPm6wMOaaNcFsbDP6pEwu2B9UCP65HmSQClB49ferIMXHYI3dvcSzxLZ+9lF/8jH3dVVK7VnQ0/9OL6r2l1EsSz+a/ozlue5+Aw1PUFoTpi969fLye7Jhs54QF8dbdP//3PZF+i+EvJZBgDU0ys1IJ0=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f9d867a4-5a4a-4ab0-52b7-08d6b853e8f6
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Apr 2019 16:46:24.8804 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR2101MB0733
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/I3RNeOLXfwnyg5x8JnTDhF1U1Js>
Subject: Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 16:46:31 -0000
> -----Original Message----- > From: nfsv4 <nfsv4-bounces@ietf.org> On Behalf Of Olga Kornievskaia > Sent: Wednesday, April 3, 2019 12:13 PM > To: Chuck Lever <chuck.lever@oracle.com> > Cc: NFSv4 <nfsv4@ietf.org> > Subject: Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt > > On Tue, Apr 2, 2019 at 11:15 AM Chuck Lever <chuck.lever@oracle.com> > wrote: > > > > > > > > > On Apr 2, 2019, at 10:28 AM, Olga Kornievskaia <aglo@umich.edu> wrote: > > > > > > Hi Chuck, > > > > > > First of all I apologizes for reading an out-dated version of the draft. > > > > > > There are still several things I disagree with and some questions that I have: > > > > > > 1. Encryption offload. I think it's unfair to list this as a benefit > > > of switching to TLS from tradition encryption methods. TLS adds a very > > > costly operation (public key encryption) which to reduce the impact on > > > performance needs to leverage things like offload engines. The same > > > link talks about how all modern CPUs have hardware support for > > > symmetric key ciphers like AES which speeds things up. In my opinion, > > > this list item should be removed. > > > > TLS offload actually exists. GSS does not give us any practical > > path for offloading encryption and decryption. If an example of > > a commodity part that provides GSS offload can be identified, > > I'll consider removing this bullet. > > > > > > > -- what's a transient client? > > > > An example is a guest's laptop. > > > > > > > 2. "Per-client deployment and administrative costs are not scalable" > > > (I'm assuming it means deploying keytabs). Yet the spec is talking > > > about the use of host certificates. If existing design is not scalable > > > so will the design with host certificates (or user certificates) as it > > > requires the same deployment. In my opinion, this bullet should be > > > removed (and so it the 3rd list item that talks about CPU cost of > > > encryption). > > > > Certificates on RPC clients are optional. In deployment scenarios > > that don't provide client certificates, administrative cost is > > lower. > > Sure, but then please add explicitly to the 4.2.2 (mutual > authentication) that this mode adds to the deployment cost making it > equivalent to the existing GSS model. > > > I'll change the bullet to refer to "clients" instead of "host > > systems". > > > > > > > 3. Section 4.2.3 "Advanced forms of RPC authentication". I'm surprised > > > to see this here because of the wording in Section 1. Specifically it > > > says: "An alternative approach is to employ transport layer security > > > mechanism". Here alternative was to the GSS mechanism which was listed > > > as "hard to use". So nowhere was there a talk that TLS connection can > > > be used with a GSS mechanism. Is this section suppose to be about the > > > fact that RPCSEC GSS besides authentication also provides an encrypted > > > connection? Then I think the section title should be changed to > > > "RPCSEC GSS secure connection establishment"? This section,blurs the > > > lines of RPC identify authentication via GSS identities and the TLS > > > authentication. In previous two section, it wasn't discussed what kind > > > of RPC authentication would happen on top of the TLS connection. I > > > think this whole section should be removed. Because it basically says > > > there is no need to use GSS privacy/integrity since underlying TLS > > > connection already provides that and since TLS is suppose to be > > > alternative to GSS so why combined it. > > > > We have to discuss the use of channel binding somewhere, and > > we have to discuss the double host authentication because TLS > > has a host authentication step and so does GSS. I don't see any > > discussion of user authentication here. > > I would have re-organized this to be something like: > > 4.2 Establishing an end-to-end encrypted channel > same paragraph as before about providing a transparent end-to-end > encrypted channel for the RPC operations. > 4.2.1 TLS server-only authentication > (same as before) > 4.2.2 TLS mutual authentication > (same as before) > 4.3.3 Role of the RPCSEC GSS integrity and privacy services > Here talk about redundancy of using GSS services on top of TLS. > Channel binding would go here. > > 4.3 RPC authentication on top of an encrypted channel > Here talk about how any of the existing methods (AUTH_SYS, GSS) can be > overplayed on top of the encrypted channel. Olga, I support this approach but would like to suggest it also explore the inter-relation of existing RPC authentication methods with TLS. For example, if per-user keys (obtained from the auth itself) are used to secure the TLS channel, rather than the more usual machine-wide ones. In addition there are implications on trunking and multiplexing of traffic, and under what conditions traffic destined for a TLS channel can be redirected and/or retried . For example, if GSS privacy is "downgraded" once a TLS channel binding is established, then any trunked connections cannot be used until and unless a similarly-protected TLS association is obtained on them as well. This gets especially hairy in reconnection/retry scenarios. Tom. > > I'll change the section title. > > > > > > > 4. Section 5 is about TLS authentication and PKI identities. I find it > > > confusing the use of RPC client. RPC client has RPC identities from > > > the RPC RFC. Should we use TLS client here instead? > > > > > > -- what is a TLS identifier? If it's defined in the TLS spec can we > > > either copy a definition or provide a reference for it? > > > > I'm looking for a generic term that encapsulates certificate, > > PSK, or token binding to mean the identity of the peer host. > > Anyone know of a appropriate term to use for that? > > Sorry more question about section 5 "TLS peer authentication". Is the > purpose here to describe how a server would authenticate the client or > how the client authenticates the server (or both). I think the > intention to handle "both". So if this section applies to both side > then the use "RPC client is uniquely identified by tuple" to me reads > to only apply to the RPC client. If this suppose to apply to both then > "TLS peer" maybe used? If this is suppose to be talking about just one > side authentication (whatever side that is), then why another side is > excluded (again I think it is both). Some of the bullets talk about > requirements for server authentication, but then there is wording that > server can deny > > Also, for the "pre-shared" keys section can we add a reference to > RFC8446 section 2.2 otherwise there isn't much context here. Though I > feel that this draft was about making deployment easier so the cost of > pre-sharing the keys is like going backwards. > > > > > -- If an (RPC/NFS) server suppose to make decisions about executing an > > > RPC/NFS request based on the PKI identify shouldn't there be a talk > > > about how to map the PKI identify into the NFSv4 identify? > > > > RPC over TLS is strictly about encryption at the RPC layer. It > > has nothing to do with the RPC user, and NFSv4 has no awareness > > that TLS is in use at the transport layer. > > > > The server may determine whether to accept or reject a connection > > request based on the client's identity. That identity is not used > > to authorize individual RPC requests. > > > > > > > > other comments in-line. > > > > > > On Mon, Apr 1, 2019 at 6:58 PM Chuck Lever <chuck.lever@oracle.com> > wrote: > > >> > > >> > > >> > > >>> On Apr 1, 2019, at 4:31 PM, Olga Kornievskaia <aglo@umich.edu> wrote: > > >>> > > >>> On Mon, Apr 1, 2019 at 1:50 PM Chuck Lever <chuck.lever@oracle.com> > wrote: > > >>>> > > >>>> Olga, thanks for your comments. > > >>>> > > >>>> > > >>>>> On Apr 1, 2019, at 12:06 PM, Olga Kornievskaia <aglo@umich.edu> > wrote: > > >>>>> > > >>>>> Comments about the draft-1 and section 4.3 Authentication. > > >>>>> > > >>>>> 1. Why is there no option of no client authentication and simply using > > >>>>> server-side authentication and using AUTH_SYS on top of it (and > > >>>>> perhaps this is addressed by the 2nd editorial comment in the [] but > > >>>>> the lack including this as an option bothered me). I think this is the > > >>>>> most useful option to be considered. > > >>>> > > >>>> I quite agree that it is the most useful. I don't see where we are > > >>>> specifically excluding that option, however. > > >>> > > >>> Ok I guess I have issues with wording. That section talks about "host > > >>> and user authentication". What is "host" here? Is this the NFS server > > >>> or is this a client machine where a "user" might execute NFS > > >>> operations? I really hope that "host" means an NFS server and it's the > > >>> NFS server that will be authenticated via TLS (which means a > > >>> server-side certificate will be used). > > >> > > >> I thought that "host authentication" had an unambiguous meaning. > > >> It means that the peer host is authenticated. > > >> > > >> RPCSEC GSS performs host authentication using the service principals > > >> on both peers. > > >> > > >> With TLS, AIUI, the client can always authenticate the server, because > > >> the server is required to have an identity (typically a certificate). > > >> The server can authenticate a connecting client if the client has an > > >> identity and presents it during the TLS handshake. > > >> > > >> I can add "host authentication" and "user authentication" in the > > >> Terminology section if people feel that would be helpful. Or should > > >> I use "machine authentication" instead of "host authentication" ? > > > > > > With the new organization of the draft I don't have those objections. > > > > > >> > > >> > > >>> That leads to Option 1 wording. > > >>> It's not clear which side would used a self-signed certificate and why > > >>> we right away restricting/suggestion the type of the certificate. I > > >>> think it would be better to say: "To establish a secure TLS connection > > >>> at least a server-side PKI certificate is required and can provides > > >>> server authentication. Statement: "end-to-end encryption is provided > > >>> client certificate material" ... I don't think that's what end-to-end > > >>> encryption typically means. I would rather say. "Mutual authentication > > >>> is provided when client also presents a PKI certification during a TLS > > >>> handshake." (or something of that sorts). > > >>> > > >>> My wording of the options: > > >>> TLS server-side authentication only with AUTH_SYS identity: To > > >>> establish a secure TLS connection a server-side PKI certificate is > > >>> required and provides server authentication (either self-signed or > > >>> CA-certified certificates can be used). After TLS connection is > > >>> established, the RPC client uses AUTH_SYS to identify users with the > > >>> guarantee that the UID and GID values cannot be observed or altered in > > >>> transit. > > >>> > > >>> TLS mutual authentication with AUTH_SYS: During TLS negotiation, the > > >>> client identifies itself to the server with a PKI certificate. As > > >>> with encryption-only with AUTH_SYS, UID and GID values are well > > >>> protected. In addition, the server can use the client's PKI identity > > >>> to perform additional authorization of this client's requests. > > >>> > > >>> TLS server-side authentication only with RPCSEC GSS Kerberos identify: > > >>> To establish a secure TLS connection a server-side PKI certificate is > > >>> required and provides server authentication (either self-signed or > > >>> CA-certified certificates can be used). The RPC client uses Kerberos > > >>> to identify the client host and its users, but does not request GSS > > >>> integrity or privacy services as the connection is already secured. > > >>> > > >>> TLS mutual authentication with AUTH_NONE: Each user establishes her > > >>> own TLS context with the server, identified by a user PKI certficate. > > >>> There is no need for any additional information at the RPC layer, so > > >>> the RPC client can use the simplest authentication flavor for RPC > > >>> transactions. This configuration is not typical for NFS deployments, > > >>> but it does enable strong certificate-based user authentication, which > > >>> is currently not afforded by GSS. > > >> > > >> This appears to be based on an outdated version of this document. > > >> The latest version is here: > > >> > > >> > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatra > cker.ietf.org%2Fdoc%2Fdraft-ietf-nfsv4-rpc- > tls%2F&data=02%7C01%7Cttalpey%40microsoft.com%7C03bbacc8265a4 > 10c140508d6b84f3cf2%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7 > C636899047801793678&sdata=rTIELxr2yBE8vluAoCHkmZJXqd%2FwHV% > 2F2BHblUvSCz3g%3D&reserved=0 > > >> > > >> I hope Section 4.2 of the latest revision answers your questions. > > >> > > >> > > >>> If by "host" you don't mean the "server" and mean client's machine. > > >>> And for the server we are not implying that it's OK to use self-signed > > >>> certificates (which I really hoped we were not suggestion). > > >>> > > >>> Then the options I propose should be: > > >>> 1. TLS server-side authentication + AUTH_SYS user identity: this is > > >>> the favorable option of no certificates on the client at all and only > > >>> server is authenticated. > > >>> > > >>> 2. TLS mutual authentication with machine certificates + AUTH_SYS user > > >>> identity . This is where I think a suggestion to use a self-signed > > >>> certificate can be made (however see my view below that I don't this > > >>> client-side authentication gains us anything). > > >>> > > >>> 3. TLS mutual authentication with user certificates + AUTH_SYS user > identify > > >>> > > >>> 4. TLS mutual authentication with machine certificate + Kerberos user > identify > > >>> > > >>> 5. TLS mutual authentication with user certificates + Kerberos user > identify > > >>> > > >>> 6. TLS mutual authentication with user certificates + AUTH_NONE > > >>> > > >>> > > >>> > > >>>>> I don't see how adding > > >>>>> self-signed client certificates adds to the security of the system but > > >>>>> instead this adds a costly PKI operation that would impact the time it > > >>>>> takes to establish a secure connection. > > >>>> > > >>>> Self-signed certificates allow a form of weak authentication by the > > >>>> server. At least it can audit which client is connecting. The > > >>>> discussion of self-signed certs can be removed if it's not something > > >>>> we want to explicitly commend. > > >>> > > >>> In my personal option, adding self-signed (user) authentication > > >>> provides no benefits as there no attack that it protects from. We are > > >>> not proposing to use the identity gotten from the client-side of the > > >>> TLS connection and map it to an nfs4 identity, are we (cue in the SPKM > > >>> troubles here). > > >> > > >> IIRC we eventually decided not to support the use of user certs > > >> for RPC on TLS. > > > > > > I don't think that's true as the Section 5.2 talks it. > > > > Where? I see only discussion of the RPC client's identity. > > Section 5.2 says "an RPC client is uniquely identified by the tuple > .... ie certificate". To me this reads, a client has a user > certificate. But this section doesn't talk about the self-signed > certs. > > > > > > > > While there is > > > definitely a lot more information about what should go into the user > > > certificate and a concrete PKI identity : "an RPC client is uniquely > > > identified by the tuple (serial number of presented client > > > certificate;Issuer)" there is nothing about how to map this to the > > > NFSv4 identify. > > > > That's because the NFSv4 protocol is not aware of the use of TLS. > > There is no connection between NFSv4 identities and TLS. If a user > > certificate is employed, it is used strictly for host authentication. > > > > > > -- > > Chuck Lever > > > > > > > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ie > tf.org%2Fmailman%2Flistinfo%2Fnfsv4&data=02%7C01%7Cttalpey%40mi > crosoft.com%7C03bbacc8265a410c140508d6b84f3cf2%7C72f988bf86f141af9 > 1ab2d7cd011db47%7C1%7C0%7C636899047801793678&sdata=7gZKwy > NwPk7KqrbafSfzaFnP%2ByLVknRu0tqIprtpBZc%3D&reserved=0
- [nfsv4] Fwd: New Version Notification for draft-c… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… Rob Thurlow
- Re: [nfsv4] Fwd: New Version Notification for dra… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… McDonald, Alex
- Re: [nfsv4] Fwd: New Version Notification for dra… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… Tom Talpey
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… David Noveck
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Lars Eggert
- Re: [nfsv4] New Version Notification for draft-ce… Lars Eggert
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Benjamin Kaduk
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Trond Myklebust
- Re: [nfsv4] New Version Notification for draft-ce… Trond Myklebust
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Benjamin Kaduk
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran