Re: [nfsv4] New Version Notification for draft-dnoveck-nfsv4-security-07.txt
Thomas Haynes <loghyr@gmail.com> Thu, 16 November 2023 19:06 UTC
Return-Path: <loghyr@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E06C14CE38 for <nfsv4@ietfa.amsl.com>; Thu, 16 Nov 2023 11:06:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ijw1gQeNCN5 for <nfsv4@ietfa.amsl.com>; Thu, 16 Nov 2023 11:06:27 -0800 (PST)
Received: from mail-pl1-x632.google.com (mail-pl1-x632.google.com [IPv6:2607:f8b0:4864:20::632]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76A9EC14CE2E for <nfsv4@ietf.org>; Thu, 16 Nov 2023 11:06:27 -0800 (PST)
Received: by mail-pl1-x632.google.com with SMTP id d9443c01a7336-1cc316ccc38so10790645ad.1 for <nfsv4@ietf.org>; Thu, 16 Nov 2023 11:06:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1700161587; x=1700766387; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=kcgrMJ3K4hPiWOqsxmlwy0dRsRREqLNJfA7kGy6Uv+I=; b=RB7hP6qquZst2ICwvVL9dGDgySwewEjuAc9TnmAIQZvDFRaNHtv/khqoqt7scAkBN8 a3PhzhJghI1YR3xEOsdmPxuVSBd0XpRCYvMECBHTaMljdSY6uHBhiTD3QWUBA+ZQ5Fut Gm9BlHAAh8KPjpYGpeJYvTY0qNok4mtR1q1ZWleGx5qRMAzfs8uJ+lFywPY9HiAst0d5 GgKFoHRHa7jTZCOV6LykxvDrd/JfxY/q1/SWCAuC2KRFcihKZdA/YEvDF0E5+v5yzEG6 r7ZFqru3qUpQBBpn3vlFNW5hPqI1Y92nuDnm/wCO8a+PlqBo8pdnMV14j4y1YCCcVzNn siIQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700161587; x=1700766387; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kcgrMJ3K4hPiWOqsxmlwy0dRsRREqLNJfA7kGy6Uv+I=; b=bLqYeLjRXUsCZCGPS+nIJlpja6D5QKsYbBpWEgLZrmU/FC2cr8XsBCiNf58KtrFa7Z RjNZv/m6gP4aTwsnNrgwKYJwaovZblSz8tqqB6yfmHozlhzqKAJGz6XmDUilXCnyG7KU wyR9EGKPTFzx8dDksYF1sPNihVBiyO2Q/Oz+3yzXtcH8EM12uwRwW9zjxnW80AAyur0c 1rqKaRUyRlw+kkXbErKUTL1o+0dvuPuyJtAzJ9oixLuoPydsIe2PFycKnxowd0ozZ2PU 9jpgh3PV/g5kn47uotSiLvVkCKHSmyUolVtBcrxqYEz3dDq1ljkmFvGnctxPCz6QQh11 lLUg==
X-Gm-Message-State: AOJu0Yzor7DTAiePH1gLd8AhCGpJ9qiqcNUFqHLVic2vydtHndPt2U/G cMiOcTq5mDVjcruooWN/uOY+L8bB+eg=
X-Google-Smtp-Source: AGHT+IHFqnOJtXljSRFB2Gv6zQVslgrmMV/5P1vIusVCMNkvsY0lIUCkoDKmfYO1r0yZxPC08bQhaQ==
X-Received: by 2002:a17:903:188:b0:1cc:636f:f37c with SMTP id z8-20020a170903018800b001cc636ff37cmr10016251plg.13.1700161586608; Thu, 16 Nov 2023 11:06:26 -0800 (PST)
Received: from smtpclient.apple ([2601:647:4500:91:5873:b699:c72d:fd43]) by smtp.gmail.com with ESMTPSA id y4-20020a17090322c400b001bbb7af4963sm13697plg.68.2023.11.16.11.06.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Nov 2023 11:06:11 -0800 (PST)
From: Thomas Haynes <loghyr@gmail.com>
Message-Id: <CDF49605-5DDE-4CCE-BBF0-A038E9376CB7@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_79B72CDC-2C28-4B9F-AF0A-FE46002E56D8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
Date: Thu, 16 Nov 2023 11:05:48 -0800
In-Reply-To: <CADaq8jdiNrsN9sLR+xW1xYQtNiVVos5JLVWebSGC-YHixrLe9Q@mail.gmail.com>
Cc: NFSv4 <nfsv4@ietf.org>, Zaheduzzaman Sarker <zahed.sarker.ietf@gmail.com>
To: David Noveck <davenoveck@gmail.com>
References: <169997789858.7698.1352596107183873281@ietfa.amsl.com> <CADaq8jdiNrsN9sLR+xW1xYQtNiVVos5JLVWebSGC-YHixrLe9Q@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/RKjuDeHrB45A_YxbF-ZsjVKki7A>
Subject: Re: [nfsv4] New Version Notification for draft-dnoveck-nfsv4-security-07.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2023 19:06:31 -0000
I will be on a plane for the first meeting.
Please use a spell checker.
1) Section 1.1.1.
* The attributess owner, owner-group, and mode needed to be made
^^ spelling
2) 1.1.2.
ovecomplicate the specification, and create difficult
^^ spelling
2.1)
The attributess owner, owner-group, and mode needed to be made
REQUIRED since clients need this information and not supporting
these attributes would create troublesome interoperabiity issues.
a) This almost sounds normative, with “need” being “MUST”.
b) But more importantly, why do the clients require these attributes and what troublesome interoperability issues will arise?
c) “interoperabiity” is misspelled.
I’m not going to call out any remaining spelling errors, please use a spell checker.
3) Then:
the acl-related attributes either. To continue in this way would
Vs
* The handling of ACLs is not described in the detail normally
a) Is ACL to be capitalized or not?
b) And the first use should expand the acronym.
4)
Because of
the broad license granted by previous specifications to allow
server implementations to choose how to behave, clients are forced
to accept a broad range of server behaviors, with no way of
reliably determining server behavior actually implemented.
a) I understand why you use “license", but my first thought was confusion because I didn’t think the IETF granted use licenses.
b) “broad” is repeated. I got the point the first time you used it.
5) Is this one or two sentences? The first seems to end prematurely.
The remaining issue caused by this approach, of providing a way
for clients to determine the authorization-related effects of
setting. ACLs or other security-related attributes, cannot be
addressed in this way.
6) In section 1, features are introduced without any reference to where they appear in one of the prior documents. I understand that this is difficult due to there being 3 versions to support, but we can decide to simply reference RFC7530.
Section 1.2.
For such pending issues, the following annotations will be used:
* A paragraph headed "[Author Aside]:", provides the author's
comments about possible changes and will probably not appear in an
eventual RFC.
7) In the section tags, you can add removeInRFC=“false” or removeInRFC=“true”. You might be able to add this to other tags,
Section 1.3.
8) A lot of repetition in this section.
Perhaps the way to deal with compliance is to state that the changes made in this document they should be addressed in prior versions, but are required for the next version of NFSv4.
I.e., one specific concern would be to say that AUTH_SYS is not supported in NFSv4.3 and beyond.
Whether we require Kerberos or RPC-with-TLS is something we can determine when we get to NFS4.3.
Appendix A:
9)
Another such change was in the treatment of AUTH_SYS, previously
described, inaccurately, as an "OPTIONAL means of authentication"
with the unfortunate use of the RFC2119 keyword obscuring the
negative consequences of the typical use of AUTH_SYS (in the clear,
without client-peer authentication) for security by enabling the
execution of unauthenticated requests.
I think you are rewriting history here. The negative consequences were known at the time and accepted as a means to allow NFSv4 to be deployed in data centers “without” external connections.
I.e., it was a means to replace NFSv3 without adding the overhead of Kerberos.
10) Appendix A seems to repeat large chunks of Section 1. Is this either going to be combined or is the Appendix going to be removed in the future?
I am fine with Appendix A and B being used to track consensus as the document matures, but I don’t believe they are needed in the final document.
11) Going back to point 8 above, my motivation for consolidating the Security over the 3 versions was not to rewrite but to consolidate. I am of the firm belief that rewriting requires a new version of the protocol.
> On Nov 16, 2023, at 8:28 AM, David Noveck <davenoveck@gmail.com> wrote:
>
> As I promised at IETF118, I have submitted the next draft of the security document. I know lots of people were unable to attend, because the meeting was at 4AM Pacific among other reasons. The slides I presented are available in the datatracker. Let me know if you have any questions.
>
> I will be presenting regarding this document at the 11/21 interim. The slides will be available soon. I'd like to start discussing adoption of this document pretty soon so it would be helpful if people became more familiar with it. The diff with -07 is straightforward, but given limited familiarity with that document it might not be all that helpful and an rfcdiff with rfc8881 will be both voluminous and useless.
>
> Given that most people will not have a chance to read the full document, I am suggesting people familiarize themselves with Section 1 (about ten pages) and follow up with appendices A and B to help jumpstart our discussion of issues for which consensus needs to be ascertained.
>
> The other focus of discussion at the 11/21 meeting will be the internationalization document but there will not ne a new document for the the 11/21 or 12/5v meetings. I'm hoping for 12/19. It might be helfl for people to look at the slides for this since there is a discussionfor the working group to make.
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>>
> Date: Tue, Nov 14, 2023 at 11:04 AM
> Subject: New Version Notification for draft-dnoveck-nfsv4-security-07.txt
> To: David Noveck <davenoveck@gmail.com <mailto:davenoveck@gmail.com>>
>
>
> A new version of Internet-Draft draft-dnoveck-nfsv4-security-07.txt has been
> successfully submitted by David Noveck and posted to the
> IETF repository.
>
> Name: draft-dnoveck-nfsv4-security
> Revision: 07
> Title: Security for the NFSv4 Protocols
> Date: 2023-11-14
> Group: Individual Submission
> Pages: 172
> URL: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-07.txt
> Status: https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/
> HTML: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-07.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-security
> Diff: https://author-tools.ietf.org/iddiff?url2=draft-dnoveck-nfsv4-security-07
>
> Abstract:
>
> This document describes the core security features of the NFSv4
> family of protocols, applying to all minor versions. The discussion
> includes the use of security features provided by RPC on a per-
> connection basis.
>
> The current version of the document is intended, in large part, to
> result in working group discussion regarding existing NFSv4 security
> issues and to provide a framework for addressing these issues and
> obtaining working group consensus regarding necessary changes.
>
> When the resulting document is eventually published as an RFC, it
> will supersede the description of security appearing in existing
> minor version specification documents such as RFC 7530 and RFC 8881.
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] Fwd: New Version Notification for draft-d… David Noveck
- Re: [nfsv4] New Version Notification for draft-dn… Thomas Haynes
- Re: [nfsv4] New Version Notification for draft-dn… Thomas Haynes