IETF Logo Mail Archive

Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls

Benjamin Kaduk <kaduk@mit.edu> Sun, 12 April 2020 16:32 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB2953A0FAE for <nfsv4@ietfa.amsl.com>; Sun, 12 Apr 2020 09:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pY1TYPDW3dNZ for <nfsv4@ietfa.amsl.com>; Sun, 12 Apr 2020 09:32:43 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B42D3A0FAD for <nfsv4@ietf.org>; Sun, 12 Apr 2020 09:32:43 -0700 (PDT)
Received: from mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 03CGWc1A007754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 12 Apr 2020 12:32:40 -0400
Date: Sun, 12 Apr 2020 09:32:38 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: "nfsv4@ietf.org" <nfsv4@ietf.org>
Message-ID: <20200412163238.GP88064@mit.edu>
References: <FA2D661E-A787-4772-8F9D-A7594AE82F38@oracle.com> <CADaq8jciLWhL_FMmPcsdrVVS=9Gee8SYAsqi36H5v9iuNo7Pgw@mail.gmail.com> <E414F060-532B-4017-AC7E-5869884B2153@oracle.com> <e5796752c6204ffdd78503b1a9c9045cfd761e52.camel@gmail.com> <F9AC44CE-750E-416A-944D-E2382524020E@oracle.com> <19d2513b1093fc71223e361afca90d1a1ad6183a.camel@gmail.com> <35D9AEC0-7961-4C44-9715-26409D6182E4@oracle.com> <QB1PR01MB36492235E6EF60129A0329D7DDDE0@QB1PR01MB3649.CANPRD01.PROD.OUTLOOK.COM> <20200412023716.GN88064@mit.edu> <A302DD40-DAA7-4473-AB5F-0950533A3D5E@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <A302DD40-DAA7-4473-AB5F-0950533A3D5E@oracle.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/PZA5m0PBxisc81aSR7SytCmAlHY>
Subject: Re: [nfsv4] AD review of draft-ietf-nfsv4-rpc-tls
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Apr 2020 16:32:45 -0000

On Sun, Apr 12, 2020 at 12:27:14PM -0400, Chuck Lever wrote:
> Hi Ben -
> 
> > On Apr 11, 2020, at 10:37 PM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > 
> > On Fri, Apr 10, 2020 at 03:33:51PM +0000, Rick Macklem wrote:
> >> Chuck Lever wrote:
> >> [stuff snipped]
> >>> Then I started thinking about TCP.
> >>> 
> >>> Since we have implementations that use the same connection to transport
> >>> multiple RPC programs, we have to make a different statement. What should
> >>> that statement be?
> >>> 
> >>> I wondered again about whether it makes sense to permit or encourage
> >>> multiple TLS sessions on the same connection.
> >>> 
> >>> If you wanted to, how would you establish a second TLS session? Because
> >>> of the "no clear-text RPCs after a TLS session has been established"
> >>> stipulation, the client would have to perform a bunch of AUTH_TLS probes
> >>> _before_ sending any ClientHello messages.
> >>> 
> >>> (And in any event we probably want rpc-tls to discuss what should happen
> >>> if there is traffic on the connection between the AUTH_TLS probe and
> >>> the ClientHello message).
> >> I think that multiple AUTH_TLS probes before sending ClientHello
> >> is both difficult to implement and confusing.
> >> 
> >> The AUTH_TLS probe serves two purposes well.
> >> 1 - It establishes whether or not RPC-over-TLS is supported by the server.
> >> 2 - If supported, it triggers a TLS handshake for the first session.
> >> 
> >> If you do want multiple TLS sessions on the same TCP connection (I'll assume TLS
> >> allows this?), then I think a separate kind of AUTH_TLS Null RPC which is done
> > 
> > TLS doesn't really allow this.
> 
> I want to understand how to word the text in rpc-tls. "this" here means
> "multiple TLS sessions on the same TCP connection" ? What happens when
> the client peer sends a second ClientHello message on a connection with
> an established TLS session? I haven't been able to find a firm description
> of how a server is supposed to respond in this case.

There's two possibilities that I see:

(1) the second ClientHello is unencrypted, in which case the server sees a
TLS record whose deprotection fails and aborts the connection

(2) the second ClientHello is encrypted with the current record-protection
keys, in which case a TLS 1.2 server starts the "renegotiation" process and
a TLS 1.3 server aborts the connection for a protocol violation.

TLS 1.2 renegotiation semantics are not particularly well specified, which
is part of why renegotiation was removed from TLS 1.3.  In particular, many
people will argue that that the "renegotiated" handshake would completely
replace the original one in a logical sense, so that only one client
authentication would be active (the latest one).  What is clear is that
only one cryptographic context would be active, so you could not interleave
TLS records on the TCP stream that are protected by different encryption
keys.

Does that help?

-Ben

v2.23.0 | Report a Bug | By Email