Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt

Chuck Lever <chuck.lever@oracle.com> Mon, 19 November 2018 22:45 UTC

From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CO2PR0601MB7597A7490C43DAE5A3268E6B5D80@CO2PR0601MB759.namprd06.prod.outlook.com>
Date: Mon, 19 Nov 2018 17:45:42 -0500
Cc: NFSv4 <nfsv4@ietf.org>
Message-Id: <C291D2E2-9FBD-4C88-A685-8C8069CABFB5@oracle.com>
References: <154264272736.5235.8955444239583271708.idtracker@ietfa.amsl.com> <50A96C3A-DBA4-4A6C-B883-664E59E24534@oracle.com> <CO2PR0601MB7597A7490C43DAE5A3268E6B5D80@CO2PR0601MB759.namprd06.prod.outlook.com>
To: "McDonald, Alex" <alexmc@netapp.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/O2DUS2etRiqNTJRNj6B1hWGb6mg>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt


> On Nov 19, 2018, at 5:33 PM, McDonald, Alex <alexmc@netapp.com> wrote:
> 
> Hi Chuck
> 
> Apologies for top posting, blame MS
> 
> I was interested in the comment "We believe the combination of host authentication via TLS and user authentication via RPC provides optimal security, efficiency, and flexibility,". There's been a huge amount of negative press for TLS client auth, but there's been a push for TLS token binding as a basis for better client/server authentication. Does the proposal need to consider work in this area?

In revision 01 I added an editor's note in Section 4.3. My intention
was to call out issues just like this. IMO we need to think carefully
about this area and select what is the current best practice for
host authentication via TLS.

On the other hand, there is some desire to leverage existing deployed
PKI to manage host authentication. We'll have to strike a balance.


> -----Original Message-----
> From: nfsv4 <nfsv4-bounces@ietf.org> On Behalf Of Chuck Lever
> Sent: Monday, November 19, 2018 15:56
> To: NFSv4 <nfsv4@ietf.org>
> Subject: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
> 
> 
> Hi-
> 
>> Begin forwarded message:
>> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
>> Date: November 19, 2018 at 10:52:07 AM EST
>> To: "Trond Myklebust" <trond.myklebust@hammerspace.com>, "Charles 
>> Lever" <chuck.lever@oracle.com>, "Chuck Lever" 
>> <chuck.lever@oracle.com>
>> 
>> 
>> A new version of I-D, draft-cel-nfsv4-rpc-tls-01.txt has been 
>> successfully submitted by Charles Lever and posted to the IETF 
>> repository.
>> 
>> Name:           draft-cel-nfsv4-rpc-tls
>> Revision:       01
>> Title:          Remote Procedure Call Encryption By Default
>> Document date:  2018-11-19
>> Group:          Individual Submission
>> Pages:          9
>> URL:            https://www.ietf.org/internet-drafts/draft-cel-nfsv4-rpc-tls-01.txt
>> Status:         https://datatracker.ietf.org/doc/draft-cel-nfsv4-rpc-tls/
>> Htmlized:       https://tools.ietf.org/html/draft-cel-nfsv4-rpc-tls-01
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-cel-nfsv4-rpc-tls
>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-cel-nfsv4-rpc-tls-01
>> 
>> Abstract:
>>  This document describes a mechanism that enables encryption of in-
>>  transit Remote Procedure Call (RPC) transactions with little
>>  administrative overhead and full interoperation with RPC
>>  implementations that do not support this mechanism.  This document
>>  updates RFC 5531.
>> 
>> 
>> 
>> 
>> Please note that it may take a couple of minutes from the time of 
>> submission until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
> 
> Minor changes in revision 01:
> - Correct a legal issue reported by idnits
> - Clarify terminology throughout document
> - Add editor's note in Section 4.3 "Authentication"
> - Wordsmithing throughout
> 
> 
> The immediate question I have is whether members of WG feel this topic and document are important enough to promote rpc-tls-01 to Working Group document status. If yes, I can submit the next revision as draft-ietf-nfsv4-rpc-tls-00.
> 
> 
> --
> Chuck Lever
> 
> 

--
Chuck Lever