Re: [nfsv4] RFC: new optional attribute related to owner-override
David Noveck <davenoveck@gmail.com> Wed, 02 February 2022 08:52 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A95C3A29E3 for <nfsv4@ietfa.amsl.com>; Wed, 2 Feb 2022 00:52:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oxYkhwgWenAS for <nfsv4@ietfa.amsl.com>; Wed, 2 Feb 2022 00:52:20 -0800 (PST)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E993A29E2 for <nfsv4@ietf.org>; Wed, 2 Feb 2022 00:52:20 -0800 (PST)
Received: by mail-ed1-x52a.google.com with SMTP id r10so40685714edt.1 for <nfsv4@ietf.org>; Wed, 02 Feb 2022 00:52:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pLNzAVxtsoBl6m3foJleBLqfv6jS8JWEnw5KZzY08O8=; b=dPhYqWmEBE/lmQQl9FhtvkCLzOuPwOtsr0Hjr2MvORlNhAdoz8rUYEc05AjOrNYBNw xC//r/YG2oSsWJpjuPVvx0brRUab3Jow5WHgbkJHe0lk4DURRp3AcKK875H/wKx8kt4U AUN7wHKWnHZtDX+smZmbr/6PzeCpkwlEW6qWLA+uqZRDukGx7twz1Tw+xiM7oACmQH2a 8Hpa5v553HmW0hjGrpHWQWLmQvXDuhL60wRNpUnmvDqJwAUGSZxZZcfXgvFzO9HQmDhA vGZ23b72tfvbk0kLgBRdnUuzyxJi781TSbYwAA8A7qaz8egpubyrKHSeN/553HEJj4Wa PM8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pLNzAVxtsoBl6m3foJleBLqfv6jS8JWEnw5KZzY08O8=; b=fewHD78oCTp0987F7APchwM3DoqIIgTVE/ijuJpIcnIShyjumAyn9tpjfxCwSdtBUU oe4kn/llg9amF2fWBWlXD4guq0s6u+dGsSr6EB63tchmXjfPx4dBp4c+YbWTA+6Mr7SC HUtbOud3IrqmhhTGC0UW0vbZONZR1gDPXQ/4MvT94FCh2VrIBgTiv72imBNLApijr9j0 /+GRKDhu7Rb4gejCRbR/LXxXkgP4EE9bgqJ+c+nYV4RUy8p/Dqg311efCXje8ddpwPq2 ycoHFZfKZyKfG9/D+LG1Dq6yyFjHz24d333K8+A+gA59rBrxXnvvDwoQ79IeCZAtXT2W 8O6w==
X-Gm-Message-State: AOAM531XifcSJLCFsAEC2Nrj8WIg4GDocLJArBZz98KXimRaRxOD1r9f Iu8IknUu65F01UbirNQ8Dvuey+Ua1Arr7Dy7a7OP+H8F
X-Google-Smtp-Source: ABdhPJzaCT9ow5rfqXu0QDqzbicJbXV6M5Ltnt6R+uHau+5H5nmcCQDPxH1SE0qpQZcRx4ik0mFnMNXRgz8DbF9qMLQ=
X-Received: by 2002:a50:ef18:: with SMTP id m24mr28930950eds.297.1643791937729; Wed, 02 Feb 2022 00:52:17 -0800 (PST)
MIME-Version: 1.0
References: <YQXPR0101MB096897EB25713A75300D937ADD239@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <CADaq8jeZ_0neVTZrPM6uZqdLS_Rb-R+_CCUKmCh=uTxdV1gC6g@mail.gmail.com> <YQXPR0101MB09681F408880B88E1BFA2494DD269@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <YQXPR0101MB09681F408880B88E1BFA2494DD269@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
From: David Noveck <davenoveck@gmail.com>
Date: Wed, 02 Feb 2022 03:52:08 -0500
Message-ID: <CADaq8jdm=tOOo-Nv9aGWr07uE+M7jNNdE90GtjkXLf-wk=-pfw@mail.gmail.com>
To: Rick Macklem <rmacklem@uoguelph.ca>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000887ba205d70522ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/MC8NcrQaZBQsNqscjNBOdFvYNJw>
Subject: Re: [nfsv4] RFC: new optional attribute related to owner-override
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Feb 2022 08:52:25 -0000
On Mon, Jan 31, 2022, 8:13 PM Rick Macklem <rmacklem@uoguelph.ca> wrote: > Hopefully people don't mind a top post... > I certainly don't mind. > Thanks David, for your comments. > I am comfortable with anything that you think fits well with > your security work. > > I agree that an attribute that is per clientid is pushing it, and > I think you are correct that it is not acceptable. > In security-05, I will mention the need but not get into details regarding solutions. > > A read-only attribute might be useful, although I think allowing > a client to negotiate a preferable security model would be beneficial. > I agree but to me this is a question of time. A better solution is to be preferred but I'm prepared for something good enough > > I am not sure that extending ExchangeID is a good plan, since it works > well in its current form and doesn't need additional complexity. > Another possibility is a new operation that a client can use to > negotiate security options. The attribute proposed one set, based > on the "owner override" concept. There may be others that become > clear during your security work? > I haven't come across anything that would not fit the attribute model in which the server chooses and discloses it's behavior. > > I would like to wait and see what others think. > > I will not be adding this to my current draft, since I no longer believe > that an optional attribute is the correct way to do this, > > rick > > > ________________________________________ > From: David Noveck <davenoveck@gmail.com> > Sent: Monday, January 31, 2022 8:59 AM > To: Rick Macklem > Cc: nfsv4@ietf.org > Subject: Re: [nfsv4] RFC: new optional attribute related to owner-override > > CAUTION: This email originated from outside of the University of Guelph. > Do not click links or open attachments unless you recognize the sender and > know the content is safe. If in doubt, forward suspicious emails to > IThelp@uoguelph.ca > > > >I am thinking of adding this attribute to my draft, but thought > > I'd ask for comments first. > > Thanks for asking. I hope my comments below do not cause you to regret > that decision. > > I believe that this is a helpful idea to address a gap in existing > specifications and I would very much like to see it developed further. > However, there are a number of reasons that I think that putting it into > your existing I-D is might not be the right venue. > > * What you have proposed is really outside the scope of the NFSv4 > attribute model, at least when used with SETATTR, as you have proposed. It > doesn't really fit without other other attributes which do not seek to > extend the attribute concept in a major way. I anticipate that if you > keep to the existing model, we could adopt that document as a WG document > soon and look to getting to WGLC in about six months. > * Even If you were prepared to cut this back to a > GETATTR/VERIFY/NVERIFY, it seems likely to me that the possible connection > with draft-ietf-nfsv4-security is likely to add substantial delay to the > process. It's up to you but I would suggest getting done what can be > (relatively) easily done now and defer the harder part until the future of > draft-ietf-nfsv4-security is clearer. > > Let me provide you some background about things I am expecting to do in > draft-ietf-nfsv4-security-05 and how I might address your work in that > document. > > * In a number of places in which existing specs create choices for the > server (implicitly, not using "MAY" or "OPTIONAL"), I intend to refer, in a > new subsection of Section 16 ("Future Security Needs"), to the possibility > that new optional attributes could be defined to allow the client to > understand which of choices left to it by the existing specs the server has > chosen. Other than to list the issues to be addressed, it doesn't make > sense for me to have much detail regarding documents not written or adopted > as wg documents. > * I could, if you are OK with it, include the read-only version of > your attribute in that list. > * With regard to the SETATTR use of your attribute, I think that the > right alternative is to deal with this by adding new flags to EXCHANGE_ID. > I think I could allude to this possibility in security-05, if you don't > have a problem with that. > > As far as where to first publish your idea in a document, it seems to me > you have the following possible choices: > > * It could make sense as a separate I-D, either with the goal of wg > adoption in this form, or expecting it to be merged into another document > before working group adoption. > * One possibility is to merge it with the similar attributes mentioned > above to clear up ambiguities about various forms of essentially optional > server behavior. I could see work on this document proceeding in parallel > with further work on security-xx and the rfc5661bis document suite. If we > took this approach, we would need to be careful not to create troublesome > inter-document dependencies while keeping to a common approach to the > matters under discusion. > > I anticipate that security-xx would continue to deal with the options as > they are now without adding references to the newsecattrs documents. > > Once the newseecattrs documents is adopted, I expect it would refer, > informatively, to security-xx. This migght delay newsecattrs publication > as RFC but i don't find that troublesome since necessary prototype would > probably not be impeded. > > * Another possibility, if you want to preserve the SETATTR-like part > of this, is to combine it in a document addressing a set of desirable > EXCHANGE_ID. I have at least one such extension in mind, connected with > smoothing the lock reclaim process in the event of large numbers of opens > to be reclaimed. I'll send a more detailed description in an email next > week but will not have time to work on a document until security-05 is > out. Sigh! > > I think that, for any of these approaches to the publication process, it > would help if we worked together on prototypes. I think I would be able to > do a prototype ontap implementation some time in 2022. I think virtual > bakeathon testing is desirable but, if I can't get that arranged, I think > we could figure out other ways of doing interoperability testing. > > On Sat, Jan 29, 2022 at 5:59 PM Rick Macklem <rmacklem@uoguelph.ca<mailto: > rmacklem@uoguelph.ca>> wrote: > I am thinking of adding this attribute to my draft, but thought > I'd ask for comments first. > > This one would be per server (for a given client's ClientID) and > would apply to the following operations: > Read, Write, Setattr-of-size, Allocate, Deallocate, Copy, > Open(Claim_delegate_cur/Claim_deleg_cur_fh) > > I am thinking of a tri-state attribute: > 1 - A permission check is done via mode or ACL for each of the > above operations. > 2 - The owner of the file is permitted to perform the above operations. > For non-owner requests, a permission check is done via mode or ACL > for each of the above operations. > 3 - The operation is permitted, if an appropriate valid stateid(s) (not > special stateid(s)) is provided, plus: > - The client has been peer authenticated. > - At least integrity protection is being applied to the connection the > request is received on. > (Appropriate stateid would be defined, but for this discussion, I think > what is appropriate should be fairly obvious. Note that a lock_stateid > is always associated with an open_stateid via open_to_lock_stateid and > the open_stateid is for Read, Write, or Both access.) > > A server would not be required to support all 3 attribute values and > would return NFS4ERR_INVAL for any value not supported when a > Setattr of the attribute is attempted. > > The setting would apply to the ClientID implied by the Sequence > operation for the compound the operation is in. > > The object would be to both document what the serve implements > and to allow a client to select a preference, for servers that support > more than one of the above 3 attribute values. > (Probably an enumerated type when done in XDR.) > > So, what do others think? rick > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org<mailto:nfsv4@ietf.org> > https://www.ietf.org/mailman/listinfo/nfsv4 >
- [nfsv4] RFC: new optional attribute related to ow… Rick Macklem
- Re: [nfsv4] RFC: new optional attribute related t… David Noveck
- Re: [nfsv4] RFC: new optional attribute related t… Rick Macklem
- Re: [nfsv4] RFC: new optional attribute related t… David Noveck