Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-04.txt
Rick Macklem <rmacklem@uoguelph.ca> Sun, 26 December 2021 17:11 UTC
Return-Path: <rmacklem@uoguelph.ca>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FBD13A0DFE; Sun, 26 Dec 2021 09:11:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=uoguelph.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jHjr2w7ru3J4; Sun, 26 Dec 2021 09:11:03 -0800 (PST)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-to1can01on062b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe5d::62b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61F4E3A0DFD; Sun, 26 Dec 2021 09:11:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AmJ9gDnJclmdgAu2m3ppxF9lwu34pGX+CNB4nZrQADZoEXXIsBunnKLekrH/Js0a2AiPdW/NLiF/oBCXwVaWV+zjG14WZQRda4Mmc6XQMEAZ59BC3zCpPl1TNbCUWfj0ypMJkM8eQrqbrUSUy3N1ZC1VvkxEtv06D1uNCbZOd3u0YnT6+kXnDSoUx2gKtyYM9H0/rlUFCgForTu3I/kCV64UEXfFOAa+eOsyosBSVoLoE11rQtmuf6MW2t189JpQrKvu+v6nLYt6rcB+u96vMwxQitJveqZe8HozE/alESe2/0CHfwbdYKz9yx7cc2DzOhKmTTe64Mnob+JMbSH63g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XQBp5BoD97Exu5V0GHCWg087IH8odXKfe4At2RRwZ+g=; b=MDgwj/0D3zxPW8nVSr5y3LnMrK0VowMM1K+SdXSpZ5JVprIqiD6EPkCLGTh67k3ADfwSgwkPh306ya6T5MUa5O/K3x7k7soM6bs+194En0F8L7sFOEwf4H40FbGuEqjKCKZWGZ5uoLIBb/7rCw3PrhtpaUzECxH+ZJUxMD+ZitvbyrxR+WwWZKe6IYn0IIP1zvIGJE4A7g2ZaaSWc3TrB7KhTUFQ4YBSjdyZryKrRjx3Xq1T2XlOeKXcl+Q36SAI/OjnQivekcXIIOIU9We61DvheTFanCNgpUE1KnFjupufd+E/NYNdEAOBlL3Cbt25yxR3l7cZjR043NG63rDAJg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uoguelph.ca; dmarc=pass action=none header.from=uoguelph.ca; dkim=pass header.d=uoguelph.ca; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uoguelph.ca; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XQBp5BoD97Exu5V0GHCWg087IH8odXKfe4At2RRwZ+g=; b=M/5NuqhnxrZ+ulkCD4zR4RdZCrUKVPNJ7qbWIK/yd5SLPAZEaUJUGPA2SAeUAnW7paMBNWIyhIDMaOrxSc7yoti/IfLXEHAkjNo2I6sNw0V7aZNgHDdziAnSV7dmxkDKmYSRcVDTkZqHlP81pRQTv7B7KSETYSCaX2/VJ5JMO6A7vwSloldJ94yDnvMxwqIYdeibtLCbMq8UJ4E86qZNQ9YAPSCmrH44KRp15+6fJ8bwgu5WKxJ7REe4SgY3L/0xdhk7+i9cXjXEEcQXkqybyETauEAZkFbR9UzkEATBYRKFtLrMWgdYl6GCP+FuHc5GOM0jEkqePpXamPL+QXyktQ==
Received: from YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:19::29) by QB1PR01MB3684.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c00:36::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4823.19; Sun, 26 Dec 2021 17:10:56 +0000
Received: from YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM ([fe80::50bf:ecf6:9d13:fd03]) by YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM ([fe80::50bf:ecf6:9d13:fd03%4]) with mapi id 15.20.4823.022; Sun, 26 Dec 2021 17:10:56 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: David Noveck <davenoveck@gmail.com>, NFSv4 <nfsv4@ietf.org>, nfsv4-chairs <nfsv4-chairs@ietf.org>, "nfsv4-ads@ietf.org" <nfsv4-ads@ietf.org>
Thread-Topic: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-04.txt
Thread-Index: AQHX+M0Zr/DOM25hTke40cIHszU7L6xFAAsY
Date: Sun, 26 Dec 2021 17:10:56 +0000
Message-ID: <YQXPR0101MB0968F5FF151B721648EE4F26DD419@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
References: <164035267965.25968.10921853654415505678@ietfa.amsl.com> <CADaq8jcXitpCCA+y3u6dYxGM95rfX6UtuZTm27g=Ht6=8x3+Qw@mail.gmail.com>
In-Reply-To: <CADaq8jcXitpCCA+y3u6dYxGM95rfX6UtuZTm27g=Ht6=8x3+Qw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
suggested_attachment_session_id: 1f74b734-336c-b975-c32b-d488b219b4bc
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=uoguelph.ca;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6caa2597-df2f-43fb-043b-08d9c892ae65
x-ms-traffictypediagnostic: QB1PR01MB3684:EE_
x-microsoft-antispam-prvs: <QB1PR01MB36843F49674972C86905D212DD419@QB1PR01MB3684.CANPRD01.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Vz1BogflUxZocHjoTkD9ila2fobtc8hSS5FUG0Q2s8g62HelNZY8eNIX/LxOk/rLG6oAjOzTELDbtIc19f19pxLaLkn71fCHe+/1fYV5cHB+sEl3qddupeV1SwWu8xnpZhpQyKVFP2WpUfR9Ye7PxHnS7TP2TSBIElXIsG9OdQSOLPaQoiaBKpvWG0ALc4stACxMxOuWZLX4tKGFyuGLma4pcGyTzGYewkuFOWhXPbdIU/J/QGxRMwPwiR+8K6xi696+fdDTn5DuS3C1py7NyEw2CwxJJUidN4pPq5zI/L4HvflD8bg+lhQeUEjqCnmQDUeWRJpXGJxZcNt1KakXpFvTvNNpyUFQ6AU6avlW27B6x178AwmNoTQij3eahAHEF6G4Dj27IpdQpQDNN1Z8iHU0ErrpapZfUFKwVMGyFD/7jilmDjjRpQZ4NIeNrtsfPrdEURNf3cksdH1bO1SzoU8g9FzgIQ5G+1awyOEa6KxBWnxe8ABNLjRLOoIBABXw7EvhPZ/oD2Gqe11DFVwPl/eWV4Sn7fGaCrpJUr9fVTqzpKlbDWzcxZ25L2uE+gY1xtRjFzykD3Q8DS0HVYVfRa5lKdLnPU4BjobKxZLl9330PoXtVpHV6zIs5+vcVYOvI/U6STLc/DOTkarndMAAW+AcSiEzddhxLGc4gMQ7aVS5sk5hL+Ea92OZQbesyTeV7bb/dXLL7ZB+EuiTEzNetfiXMeGPdaDwiFd9u724Bm8+1OrWL2ZF6uQ7yCN4rUIKWc8Xg3/nQd/OParARXq0PUNGo28RIvU/gX/w8VVa/h/l92AB07/jEE8hupFoMwiTmF9GlnRDs0vbS70KZq9Hug==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(66946007)(6506007)(64756008)(66556008)(9686003)(66476007)(91956017)(76116006)(8936002)(86362001)(53546011)(66446008)(52536014)(55016003)(38070700005)(2906002)(186003)(966005)(83380400001)(316002)(508600001)(786003)(15650500001)(8676002)(5660300002)(38100700002)(122000001)(33656002)(7696005)(4001150100001)(110136005)(71200400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: W0PdHIiaWUJH9BqVmHrlTvoJy1s1WrKXAefhM7VjHyRT/KU29kNQ2Ssawo5F3HWiaG2Wj1v0WHYh1fUOOGZq3xL80wjRGZ9gGwhwt4/XTQIAWbCe0mTnr4Wm3QPfCNAHMZJE9q+Daizu88gR5WKIii0N1bgQ0L+gMztc+8ChYMLa99ti3wfEktD2HjuT7+xR/MaPzGebHb+CzaLXtL15ajcDJ+zEdeGyMWeL9cU4KeFR2IIQ5Du/eGBTbtBjmkXflhi2B81rQFUS7gTJnzF/mdtIp7Hn2VPu5c0W6q38sloehETVE/CKAxnvJjs81Zoet/rgYg6dBm4JpIhCaZIHkroensAywTpx6GlgEkwWN3oCitJMKshoeOSL0OqYHhvXrSxHu+vDTxIT6NlPGyKfk1bZRPa4U8tQPNe7JeAyaWxAs8C6w+FmxeEgWZCAyWZamchOX1A73F+Jg5zZjmKuzAJ+scnOX6u7ekFoiAv9rBpQYmSUDD1KGQB226r6lG4FqCadXKMRc+9sINfzl98Kq2kDsJdnO7i1GN6RFHDsB5HBVDqOOHeZjCECChPE4iQ7YwWzhF3bFz/DaLO9d0vzCI4Fbsjmb96ElmFWXHiOIiz/yo20BCwL9u9QCn0nVZ0W3aZbHBz5encqvJPYXrzBzMlRdJGLihL7rN41GXPbfaEeixLqah5YxNdr9EaGwAg8FotEVNQTjXNr9fnyQcoTw1/HCtXArBl07P3NdhxiaC5rTi9LFaXqkt1HKX35CYqa3AYDCirsKQaLoywV0z3q7hG2p8nO2EDQ9ovoQUhA4+Oag8lbc50znUz1SpTSy6YbnY79M3Bt9ygiQj8Z4skE0VOA1dBCkNP5G8jLZJyStknM4WXpep39Ncpm+xeleYYILS6QT6smBmULZZmXb47GuiPv8HeQijhRo9PknXP4vgcoz0QN0pDjjQB10GcUezDQdWBiU+DbK7oaP7wJY74dolZZOCHGq3MwkmdJIxbyhjlpnUsxIpyhYUaI91TZfYI9kSBcND2Aa4K/61+3k5hzAkej9JVcctKLS1N7kkkY6R1SPUE+O+GCAEQ1kTx23frqah9BoX+zKvR+WkCkudfTGnX+LaTxtLn2E5O1Q3LZks8eqWXGfb+a7ST+RICUUrndQCCgT1krnuOD90YNh2pA/yWsN3/trh6BBPBuvRxIIXU2huprkYI+FCL1qatBZPtwynKQkbwt7fH1szS+y0j+XVtx9wKdFhac32qmKYM+diWY77SikmheaEhK0QT44qlyWOfJZ2sdFsb8ftG2nMC7o5WT6AR09xVQwUiAVWssVbckXsGIafOq4b5/SiNPAxL7nhe0CSh88AniYxjko26YhEdANqAQwOaAti+AN52O8GJTtsVKI8mBrhsj1IqFjLJvYdVNfLC28yr9w0osIs4Um4N7CqeqU+DvsfL1t8radMHFrDo8UfLx4emBsBGaoUDEBtwiFqPE4kyg0VELPnRRskhvHouTg3sH/DKuAGCW6ijhAMREFTRq7N9GgeH/lqed5EhCrR5r98m0vfHmEUxVWIMh1v+WJ7CZuiJ5oXnjN8AUlRHsLzwKe0a1yKC6e+24oDtp8HNlcIc75V6IsBhMkUcD2Ivo13NRX+M9v9D17XxdaEVM/iFdZQhOOIchgZZy+RLHEr+9lQ23sGeI0vhPcA==
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uoguelph.ca
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 6caa2597-df2f-43fb-043b-08d9c892ae65
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Dec 2021 17:10:56.5803 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +YYlm5wRPOQ2C5MwEqeRNhkGIPMo6JhywkN2WBv5TEVNom4ah5B+kvVQSEEwrDgAUMHZICHl4cySJkJzIm3iaQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: QB1PR01MB3684
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/RO0xT4OMED2DwRuGAXc6ImB8hTQ>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-04.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Dec 2021 17:11:09 -0000
Now it's my turn to ask for doc;-) I've just started to look at the ACL section and I find assorted references like: /* * Calculate inherited ACL in a manner compatible with PSARC/2010/029. * It's also being used to calculate a trivial ACL, by inheriting from * a NULL ACL. */ in the FreeBSD code. (The ACL stuff was not done by me.) I can find references to PSARC/2010/029 elsewhere, but have not located the document. (I think it might be some Oracle doc?) Anyone know where I can find it? (Or is the contents of it now in RFC8881?) Thanks for any info, rick ________________________________________ From: nfsv4 <nfsv4-bounces@ietf.org> on behalf of David Noveck <davenoveck@gmail.com> Sent: Friday, December 24, 2021 8:49 AM To: NFSv4; nfsv4-chairs; nfsv4-ads@ietf.org Subject: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-04.txt CAUTION: This email originated from outside of the University of Guelph. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt, forward suspicious emails to IThelp@uoguelph.ca I've just posted security-04. Thanks to Rick Macklem and Chuck Lever who made important suggestions that I hope are correctly addressed in this version. An rfcdiff with -03 is not small but it is helpful to see what has changed. As previously discussed, I am proposing that the working group adopt this draft as a working group document. I expect Brian and Zahed to set the timeline for that discussion. Please let me know about your suggestions for -05. ---------- Forwarded message --------- From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>> Date: Fri, Dec 24, 2021 at 8:31 AM Subject: New Version Notification for draft-dnoveck-nfsv4-security-04.txt To: David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> A new version of I-D, draft-dnoveck-nfsv4-security-04.txt has been successfully submitted by David Noveck and posted to the IETF repository. Name: draft-dnoveck-nfsv4-security Revision: 04 Title: Security for the NFSv4 Protocols Document date: 2021-12-24 Group: Individual Submission Pages: 129 URL: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-04.txt Status: https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/ Html: https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-04.html Htmlized: https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-security Diff: https://www.ietf.org/rfcdiff?url2=draft-dnoveck-nfsv4-security-04 Abstract: This document describes the core security features of the NFSv4 family of protocols, applying to all minor versions. The discussion includes the use of security features provided by RPC on a per- connection basis. This preliminary version of the document, is intended, in large part, to result in working group discussion regarding existing NFSv4 security issues and to provide a framework for addressing these issues and obtaining working group consensus regarding necessary changes. When a successor document is eventually published as an RFC, it will supersede the description of security appearing in existing minor version specification documents such as RFC 7530 and RFC 8881. The IETF Secretariat
- [nfsv4] Fwd: New Version Notification for draft-d… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] New Version Notification for draft-dn… Brian Pawlowski
- Re: [nfsv4] New Version Notification for draft-dn… Chuck Lever III
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… bfields
- Re: [nfsv4] Fwd: New Version Notification for dra… Rick Macklem
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… J. Bruce Fields
- Re: [nfsv4] Fwd: New Version Notification for dra… Chuck Lever III
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Trond Myklebust