[nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integrity-measurement-05.txt

Chuck Lever <chuck.lever@oracle.com> Thu, 06 June 2019 14:45 UTC

From: Chuck Lever <chuck.lever@oracle.com>
To: NFSv4 <nfsv4@ietf.org>
Date: Thu, 6 Jun 2019 10:44:53 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Lx7BFl0IcM6XGJDlDyrH1_ZCb0c>
Subject: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integrity-measurement-05.txt

> Begin forwarded message:
> 
> From: internet-drafts@ietf.org
> Subject: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-05.txt
> Date: June 6, 2019 at 10:37:48 AM EDT
> To: <i-d-announce@ietf.org>
> Cc: nfsv4@ietf.org
> Reply-To: nfsv4@ietf.org
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network File System Version 4 WG of the IETF.
> 
>        Title           : Integrity Measurement for Network File System version 4
>        Author          : Charles Lever
>        Filename        : draft-ietf-nfsv4-integrity-measurement-05.txt
>        Pages           : 17
>        Date            : 2019-06-06
> 
> Abstract:
>   This document specifies an OPTIONAL extension to NFS version 4 minor
>   version 2 that enables Linux Integrity Measurement Architecture
>   metadata (IMA) to be conveyed between NFS version 4.2 servers and
>   clients.  Integrity measurement authenticates the creator of a file's
>   content and helps guarantee the content's integrity end-to-end from
>   creation to use.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-05
> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-05
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-05
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/

This revision attempts to address Dave's review comments on -04. In particular,
the Introduction explains why it is not necessary for the document to describe
in detail the format of IMA metadata, as he suggested in his review.

Section 4 now includes discussion of OPEN(CREATE) and NVERIFY/VERIFY, in addition
to a new status code for reporting integrity check failures.

I've also expanded the discussion of the use of certificates for authentication,
though it's possible to go into more detail if someone has suggestions.

The draft submission window will close for IETF 105 on July 7.


--
Chuck Lever