Re: [nfsv4] I-D Action: draft-ietf-nfsv4-rpc-tls-01.txt

David Noveck <davenoveck@gmail.com> Tue, 16 April 2019 17:23 UTC

From: David Noveck <davenoveck@gmail.com>
Date: Tue, 16 Apr 2019 13:23:34 -0400
Message-ID: <CADaq8jfor+npTLXzGAp=JwE_WLiMyCeBSUAnfS9n2G2ByVw=cQ@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/M4LoDmOzJDreVQE1cadmW_Cx7-M>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-rpc-tls-01.txt
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>

OK, but use of the adverb "opportunistically" without TLS being mentioned
does add confusion.  How about:

This document describes a mechanism that, through the use of
opportunistic TLS, enables encryption of in-transit Remote Procedure
Call (RPC) transactions.  This is done with minimal administrative
overhead and full interoperation with ONC RPC implementations that do
not support this mechanism.  This document updates RFC 5531.


On Tue, Apr 16, 2019 at 1:11 PM Chuck Lever <chuck.lever@oracle.com> wrote:

>
> > On Apr 16, 2019, at 1:09 PM, David Noveck <davenoveck@gmail.com> wrote:
> >
> > I'm confused by the addition of the word "opportunistically" in the
> > abstract.  This document defines an important way of providing security to
> > RPC-based protocols such as NFSv4, so as to deal with the very real
> > security problems that these protocols have.  While these facilities can
> > only be used when both the client and the server provide support, I don't
> > think that fact alone makes the use of these facilities "opportunistic".
> > What exactly is this word intended to imply?
>
> "Opportunistic" is a term of art. See:
>
> https://en.wikipedia.org/wiki/Opportunistic_TLS
>
>
> > On Mon, Apr 15, 2019 at 1:48 PM <internet-drafts@ietf.org> wrote:
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the Network File System Version 4 WG of the
> > IETF.
> >
> >         Title           : Remote Procedure Call Encryption By Default
> >         Authors         : Trond Myklebust
> >                           Charles Lever
> >         Filename        : draft-ietf-nfsv4-rpc-tls-01.txt
> >         Pages           : 17
> >         Date            : 2019-04-15
> >
> > Abstract:
> >    This document describes a mechanism that opportunistically enables
> >    encryption of in-transit Remote Procedure Call (RPC) transactions
> >    with minimal administrative overhead and full interoperation with ONC
> >    RPC implementations that do not support this mechanism.  This
> >    document updates RFC 5531.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-nfsv4-rpc-tls-01
> > https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-rpc-tls-01
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-rpc-tls-01
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission until the htmlized version and diff are available at
> > tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > nfsv4 mailing list
> > nfsv4@ietf.org
> > https://www.ietf.org/mailman/listinfo/nfsv4
>
> --
> Chuck Lever
>
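The term of art Chuck points to, "opportunistic" TLS, is easier to see in code than in an abstract. The following is an added example written for this thread; it is not code from draft-ietf-nfsv4-rpc-tls nor from either author, and it does not model the draft's wire format. The message tokens (PROBE, STARTTLS, NO_TLS) and the require_tls policy knob are assumptions made for the illustration. It shows both sides of the exchange in the three cases the discussion turns on: both peers support the upgrade, the server predates the mechanism (the "full interoperation" case, where the client silently stays in cleartext), and the generic on-path stripping case that applies to any opportunistic upgrade, which is why a client that needs confidentiality should pin the policy rather than rely on opportunism.

```python
"""Toy model of an opportunistic TLS upgrade.

Constructed illustration for this thread; it is NOT the wire protocol of
draft-ietf-nfsv4-rpc-tls.  The message tokens (PROBE, STARTTLS, NO_TLS)
and the policy knob require_tls are assumptions made for the example.
"""
from enum import Enum


class Channel(Enum):
    CLEARTEXT = "cleartext"
    TLS = "tls"


def server_reply(msg: str, supports_tls: bool) -> str:
    """Server side.  A TLS-capable peer accepts the upgrade probe; a peer
    that predates the mechanism answers as it would any other request,
    which the client must treat as 'no TLS available here'."""
    if msg == "PROBE":
        return "STARTTLS" if supports_tls else "NO_TLS"
    return "OK"


def negotiate(supports_tls: bool, require_tls: bool = False,
              on_path_strip: bool = False):
    """Client side of the upgrade.

    supports_tls  -- whether the (simulated) server implements the upgrade
    require_tls   -- client policy: refuse to continue in cleartext
    on_path_strip -- simulate an active on-path party rewriting the
                     server's upgrade offer (the classic STARTTLS-stripping
                     case, generic to opportunistic upgrades and not a
                     claim about this draft)

    Returns (channel, transcript); the transcript is a list of
    (side, message) pairs so both ends of the exchange are visible.
    """
    transcript = [("client", "PROBE")]
    reply = server_reply("PROBE", supports_tls)
    transcript.append(("server", reply))
    if on_path_strip and reply == "STARTTLS":
        reply = "NO_TLS"            # the offer never reaches the client intact
        transcript.append(("on-path", reply))

    if reply == "STARTTLS":
        # A real client would run the TLS handshake here before sending
        # any further RPC traffic on this connection.
        return Channel.TLS, transcript
    if require_tls:
        raise ConnectionError("peer did not offer TLS and cleartext is not allowed")
    # Opportunistic mode: fall back silently.  This is the interoperation
    # property the abstract describes, and also why the client should at
    # least record which channel it ended up on.
    return Channel.CLEARTEXT, transcript


if __name__ == "__main__":
    cases = [
        ("both sides support TLS", dict(supports_tls=True)),
        ("legacy server", dict(supports_tls=False)),
        ("offer stripped on path", dict(supports_tls=True, on_path_strip=True)),
    ]
    for label, kwargs in cases:
        chan, log = negotiate(**kwargs)
        print(f"{label}: {chan.value}  {log}")
```

Running the block prints the channel each case lands on together with its transcript; the "legacy server" and "offer stripped on path" cases end on the same cleartext channel and are indistinguishable to an opportunistic client, which is the point of the term. Setting require_tls=True turns the same exchange into a hard failure instead of a silent fallback.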