[nfsv4] NFS over TLS for testing

Rick Macklem <rmacklem@uoguelph.ca> Sun, 10 May 2020 00:56 UTC

Return-Path: <rmacklem@uoguelph.ca>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E34AA3A0CC5 for <nfsv4@ietfa.amsl.com>; Sat, 9 May 2020 17:56:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0EL2kv6xAVd for <nfsv4@ietfa.amsl.com>; Sat, 9 May 2020 17:56:20 -0700 (PDT)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670044.outbound.protection.outlook.com [40.107.67.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4ED0E3A0CC3 for <nfsv4@ietf.org>; Sat, 9 May 2020 17:56:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=enXIWsSlbSCJb1YrAijyjJ04sfi3obvgM+3qkJtdTw11T6lUSSqoaOjMr/eajJyLnpW5dMq9DB1+TlW+Df2ro10vbWkaQ+S5tt7mLmPLPyjJfsg6N8cmBwflXIIIuRFO35g+egiTCIDZjWf3OZE550bYrSNxVpSoB9dUEgy9yoWUbo3aZK1gN0xnAOz0DM0/m1gXTwxippuuF5pessr7UbwLgju+TTJ4G9NDIgX1F1AyMe7lt6ia/kRyYrfczvX0RuZdeW8HPuvSB8t6iJQvbz3OvsQXrGQHsba/9Zg4JsQWVs124yrD4FJS1c9Dk7LZIbvkTiQrkfzk7tPi3vAnbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+BfQXTsvYkz/g4bK4UgMTbOCHc/DGKzOb13RgD6ER/k=; b=bUJSvQl1q+SLutGzEaiS9Km38bK7hVkDA+AnZesFn4cjgfoAhZFMJNXYAwSuDMsXiD2sqtvaXmQKcbKqfJWmIHvGwOB+MeAuoLq/Aqo6mOseOspiS4G22/mApkG+YvWWsm7jlUa/5RQgp4IMbQ7JP2kxlnqtV0JH28LWh0KliYWzF8UvnvVrcqjgRGO1rHtHMYT70nQENWpjFIgn6nAc1ySzUlIy3hO4nLlYxli7+Bt1ArMAutVtRAl7jGXOKXxZgoGs/RmDfty71CO+pSCai9bpJWGaIWG208TUozOEDuG3zcTCrc8/YP2TAkpQcuHId/kOMvorLLZPtPijA3pQzw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uoguelph.ca; dmarc=pass action=none header.from=uoguelph.ca; dkim=pass header.d=uoguelph.ca; arc=none
Received: from QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM (52.132.86.26) by QB1PR01MB3137.CANPRD01.PROD.OUTLOOK.COM (52.132.84.88) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.34; Sun, 10 May 2020 00:56:18 +0000
Received: from QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM ([fe80::dd96:945c:b6ee:ffa2]) by QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM ([fe80::dd96:945c:b6ee:ffa2%6]) with mapi id 15.20.2979.028; Sun, 10 May 2020 00:56:18 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: NFS over TLS for testing
Thread-Index: AQHWJmVu1hoa+1azw0+BfjkFxcs9fQ==
Date: Sun, 10 May 2020 00:56:18 +0000
Message-ID: <QB1PR01MB3649A532A271037BB682B171DDA00@QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=uoguelph.ca;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b362f247-4ded-4f46-08b6-08d7f47cf305
x-ms-traffictypediagnostic: QB1PR01MB3137:
x-microsoft-antispam-prvs: <QB1PR01MB3137972229E5669B1F13453EDDA00@QB1PR01MB3137.CANPRD01.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 039975700A
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9V5Y3np/nlzJ+jXYBtr2d1F1pUfig1+3r2a1VIHkWgtlETt8pT/ye+kgmzc+hTGFieemtkXtrBLFF/XjlGhxN8Oc2VotLYkiR5QJMZ7wV+oGPGtcfs78zmQOL26pwcAs/eahiezspIX5QgpuE3jgs0a68tbxWReqDJajaLMHOP3nh8ttisjJJmZ8bnidE2436NDDIRMZdLrfU9x3eXGuLV9qxE/3aV56jjxwZhlzWDOBDpLJot6p1VMtB/xgW8rI5fBOcaWNF02x5BmLOPh7MxEBIak/vVTsNpuY+2VE1OZbWG4kNnmKCFDCTibsugwB/4heJ+tjNYiORc9KFU/JhUXPFznz3A4jlbPRQE8t0wnFahnr8swMPmSt7sDwytvYe/9X4xfQp5k2ZiElJ9y9fLmGp2xehrJUDNZDMdF5zg3b/ic2ec91yHY8SAN/mtBGfveDLL+tpRXzoWHBzKkCsSOHYryXNZpALaY2V3OwULnVRD1/FizdRYTmW7uWtr1vZhzVK2ML5FlM0w8owqE834bhSO7F3XkLmvJF07artPDk9gai4MdoHEFIukRIhqAAE2VvCEVu0/BZhP4Fgx93gNHYNobkfz35eHqb+XSDXRM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFTY:; SFS:(346002)(366004)(376002)(136003)(39850400004)(396003)(33430700001)(186003)(66556008)(66446008)(6506007)(2906002)(52536014)(71200400001)(33656002)(66476007)(66946007)(478600001)(64756008)(7696005)(9686003)(966005)(786003)(316002)(6916009)(5660300002)(4744005)(76116006)(33440700001)(8676002)(55016002)(8936002)(86362001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 3Mf9kXJGWPyF5vZ2vkn99lY2pi4ANC2BszeJyOd/m5Ra8ElJKw9rA7yTODqYWK6SbzVcovBal8JDQTuhrTXOejbgk8lTnll+L2jAfLueEg0okPpwDG0vlOnGKj77TT6CaSg2vgX+zfQRJ+kMH9XTAQS3xIXSwTro2MbozkyCW3p2hYegox88VYxfwGOoAzShKCBPtkWzT5R96i7Zz1Otj/bTtKkHJoNhaaUsJDgVHTRDi7IMGuuqgDWuntCNqFkpI6zEg7P09NeghAjNtIMdQt7rmKPtHxDj5EySybljcTGkjHueL+0VpjadW3tPwiopOz9Ki22IxtViOHk1GN4y579grj6andCAXZTAu2KnKKj3dTbtoYnqKH/+yqqYE78tJUlKmKiO1zvNgYw+bPt4NmegQ5vDO7chhE3QwfkLSby0qdAEKqUzXqDwZEkaaEN6qwFL0idnG5FrV/28pAzkBM3RcEyQrmLex4MBSFdGhXDvS1H3qKDhOw453ECeuBPtfNy5+X6expZiIgkFmXRDZ9OuNtvGmrvIx5nhgrmwxfPVdHCj1zj3vnP0JC06Fns6
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uoguelph.ca
X-MS-Exchange-CrossTenant-Network-Message-Id: b362f247-4ded-4f46-08b6-08d7f47cf305
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 May 2020 00:56:18.4591 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AKLm8r9qDIMGJhmSQAPsrt3ho07I71TsfG1grk573sKtTTyQ0FZgYi1e7zsDd5N5X/zgXhGHeqkjtPRpGC98yQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: QB1PR01MB3137
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/nTbbSiBQi2-vEVdaP9zFFQVxcqc>
Subject: [nfsv4] NFS over TLS for testing
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 May 2020 00:56:25 -0000

Hi,

I now have NFS over TLS working well enough in FreeBSD that it could be
used for interop testing.
The big caveat is that it currently uses TLS1.2 because the kernel TLS in
FreeBSD cannot do TLS1.3 yet. (This will get resolved, but I don't know when.)

Setup is a bit awkward at this time, but I think this document covers the
basics of it.
http://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt

If you try it, please let me know how it goes.

rick