Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Mon, 24 September 2018 15:45 UTC

From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Mon, 24 Sep 2018 10:45:29 -0500
To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/LG8fk4wy_7Bdt64j7IOgIbAk_po>

Hi, Chuck,

On Mon, Sep 24, 2018 at 10:06 AM Chuck Lever <chuck.lever@oracle.com> wrote:

>
>
> > On Sep 24, 2018, at 7:55 AM, internet-drafts@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Network File System Version 4 WG of the IETF.
> >
> >        Title           : File Content Provenance for Network File System version 4
> >        Author          : Charles Lever
> >        Filename        : draft-ietf-nfsv4-integrity-measurement-01.txt
> >        Pages           : 9
> >        Date            : 2018-09-24
> >
> > Abstract:
> >   This document specifies an OPTIONAL extension to NFS version 4 minor
> >   version 2 that enables file provenance information to be conveyed
> >   between NFS version 4.2 servers and clients.  File provenance
> >   information authenticates the creator of a file's content and helps
> >   guarantee the content's integrity from creation to use.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-01
> > https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-01
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-01
> >
> > Please note that it may take a couple of minutes from the time of submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
>
> As a result of the discussion at IETF 102 and recent follow-ups
> on this mailing list, I've made substantial changes to this
> document.
>
> - References to and discussion of Linux IMA have been replaced
> throughout the document, with the exception of a single citation
> as an informative example in the Introduction. IMA metadata is
> now referred to generically using the term "file provenance
> information".
>
> - Integrity checking of file attributes is no longer an included
> feature. There were some issues that made attribute integrity
> not straightforward for NFS, especially without an existing
> IMA/EVM standard even for local file systems. Attribute
> integrity can still be addressed at a later time.
>
> - The Introduction now makes a problem statement and discusses
> use cases instead of explaining the mechanism of file integrity
> checking. The new Introduction addresses the most common
> questions I've received during previous review.
>
> Spencer D. and other reviewers:
> - Have previously stated interoperability concerns been addressed?
> - Have normative citation requirements been sufficiently met?
>

Recognizing that I haven't done an AD Evaluation of this draft, but looking
at the responses to my previous questions, I think dropping down to one
explicit mention of IMA pointing to the best available reference is about
right.

Thanks for making that change. It will be helpful during Last Call and IESG
Evaluation.

Spencer (D)


>
> I know time is precious, but even a cursory review of this new
> revision would be helpful. It's wafer-thin!
>
> --
> Chuck Lever