Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt
Benjamin Kaduk <kaduk@mit.edu> Wed, 10 October 2018 01:06 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91EE2130E45 for <nfsv4@ietfa.amsl.com>; Tue, 9 Oct 2018 18:06:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j4S910rXu-Em for <nfsv4@ietfa.amsl.com>; Tue, 9 Oct 2018 18:06:16 -0700 (PDT)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1BDF1130E3D for <nfsv4@ietf.org>; Tue, 9 Oct 2018 18:06:15 -0700 (PDT)
X-AuditID: 12074425-9ebff70000002be8-ec-5bbd50846b88
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id D7.A2.11240.5805DBB5; Tue, 9 Oct 2018 21:06:14 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w9A168bc002604; Tue, 9 Oct 2018 21:06:10 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w9A164Ln008303 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 9 Oct 2018 21:06:07 -0400
Date: Tue, 09 Oct 2018 20:06:04 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Chuck Lever <chucklever@gmail.com>
Cc: "Everhart, Craig" <Craig.Everhart@netapp.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20181010010604.GE3293@kduck.kaduk.org>
References: <153901060913.16390.8389561648327812120@ietfa.amsl.com> <23D33FE9-54F9-40CB-AC41-23EC15603E47@netapp.com> <BACFE07D-B843-485F-97EE-4D36ABAB356F@gmail.com> <55FF4CA0-BB68-44F1-AFAC-DD1E0F9443C2@netapp.com> <B89BBD1B-C06B-4694-BB78-8BFE3B04EC36@gmail.com> <080D3CB4-1120-4BA5-9ED1-037589BCB0CF@netapp.com> <0B7D2395-5E79-48CD-ADA1-E80A7C6F2073@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <0B7D2395-5E79-48CD-ADA1-E80A7C6F2073@gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupgleLIzCtJLcpLzFFi42IRYrdT0W0L2BttcOGDkMWBFQdZLU6cns5k Mfv9I1YHZo+ds+6yeyxZ8pPJY8anL2wBzFFcNimpOZllqUX6dglcGa9f9rEXvBSuODP/NFMD 43/+LkZODgkBE4n5Uz+ydTFycQgJLGaSaPuyjBHC2cAocXz1cSjnCpPEni9/mUBaWARUJP4/ mcMKYrMB2Q3dl5lBbBEBNYnOvVtZQGxmgViJVycfgNULC/hJ7Go/BRbnFTAGqj/DDDH0B5NE 08uvTBAJQYmTM59ANWtJ3Pj3EijOAWRLSyz/xwES5hSwldjduBtsl6iAssTevkPsExgFZiHp noWkexZC9wJG5lWMsim5Vbq5iZk5xanJusXJiXl5qUW6Fnq5mSV6qSmlmxjBweuiuoNxzl+v Q4wCHIxKPLwNF/ZEC7EmlhVX5h5ilORgUhLl7XLfGy3El5SfUpmRWJwRX1Sak1p8iFGCg1lJ hHf3Q6By3pTEyqrUonyYlDQHi5I476SWxdFCAumJJanZqakFqUUwWRkODiUJ3jx/oKGCRanp qRVpmTklCGkmDk6Q4TxAw//5AdXwFhck5hZnpkPkTzEac7Q9vT6DmaMDRAqx5OXnpUqJ864A GScAUppRmgc3DZSAJLL317xiFAd6Tpj3FkgVDzB5wc17BbSKCWjVqRCQP4pLEhFSUg2Ma3z/ zK6zrXs+Y1FC2/vDAcLuUg2XRPcnTRM5/bzz1Ivy7kbZU7Pjrgf+cPh/Ip9tsqfmG+nF5S8Y e9ff2+rFzJGkoWH82EH0uPYEKfs3J7LbN6yepMF4+rpsSePtNXN1Dih/3ygQ/v6t7FYpc+4S w9mcrYaFdnM01c/++brlXuzWA3febfvJoMRSnJFoqMVcVJwIANdSBbsbAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/MIF4Ou6OOLA-hakXz0Q0FbnNlUY>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Oct 2018 01:06:18 -0000
On Tue, Oct 09, 2018 at 11:24:13AM -0400, Chuck Lever wrote: > > > > On Oct 8, 2018, at 5:17 PM, Everhart, Craig <Craig.Everhart@netapp.com> wrote: > > > > and there would need > > to be a strong guarantee that the network between the server and clients > > is of very high integrity. Perhaps the use of a GSS integrity service > > would be required in such a use case. > > > > Why does this impose additional requirements on this OPTIONAL, but otherwise completely opaque, service? What additional requirements does it levy? Why wouldn't, for example, it be totally adequate to apply other techniques for recovering incompatibility? For example, if the provenance information were to include, effectively, a checksum of the content, what is the range of meaningful actions available to the provenance assessor if the file object's checksum were not to match that in the provenance's checksum? > > Again, "meaningful actions" are policy to be determined by the provenance > assessor. This is a separate, independent security module that is not a > part of the storage or file system stack. > > If you have any questions about the assessor, have a look at the IMA > reference cited at the end of the document, or review the IMA > implementation in the Linux kernel. I have a question about "the assessor", but it is not about the internals of IMA's operation. In particular, it relates to the usage of the definite article. As Craig has noted upthread, any given NFS server can be serving a broad array of clients and datasets, to the extent that it seems unreasonable to assume that any given NFS server either only servers IMA-capable clients or non-IMA-capable clients. (That is, not a mix of both.) The situation gets much more complicated if one posits a non-IMA implemnetation of provenance information. In mixed environments one cannot assume that provenance information implies IMA -- for well-behaved interoperability there must be some in-protocol indication of which of the many potential assessors should receive the information. Also upthread the claim was made that with no specification for IMA or other assessors, there cannot be a registry. I don't think this is actually true; e.g., an open registration policy such as expert review or FCFS can allow for codepoint allocation for protocols at varying levels of specification maturity. I actually think a registry makes the most sense here and would suggest the Expert Review procedure for it. -Ben
- [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-me… internet-drafts
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Benjamin Kaduk
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever