IETF Logo Mail Archive

Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)

Erik Kline <ek.ietf@gmail.com> Thu, 02 July 2020 18:09 UTC

Return-Path: <ek.ietf@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E0803A095D; Thu, 2 Jul 2020 11:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJF-sAYqnvz1; Thu, 2 Jul 2020 11:09:09 -0700 (PDT)
Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C13E3A095B; Thu, 2 Jul 2020 11:09:09 -0700 (PDT)
Received: by mail-ot1-x331.google.com with SMTP id g37so1067167otb.9; Thu, 02 Jul 2020 11:09:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FYP0xx1Oo5q4060/EFNVx1dt/2h139YOwcIC0gF/ztY=; b=Q8DUFVbyd/81qe2hDsNOAD7dctyP4SADi474wS7KUc1mT/AmBXTM62KKqJLsIPARWs TSMY07+exFdhRlUOgStI7f/gJs0t/Mgrks4GivmgQHSQrRU++DjmQ08SbCnLgJ9O6d1m NTiq33XX66fjnTqD+gsbofYj3y1GH37iAS4TFMW49okWn9KDzmFnADGyI4nR+EOp3AXw qVcuoukZHfLUxcbcQnDjIMPz/CutP4G5nwrUXhOXOhzJjm/Qci+51Cg2GC+4rzdDvUAa DAUU9fa3sjq553nAELD8ZtsRPNC4oi4yH20H9EH5MwK8LAZUIsw8P8Qy7/psnk90VeLf ss7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FYP0xx1Oo5q4060/EFNVx1dt/2h139YOwcIC0gF/ztY=; b=dSyVoZ08zYYmo1kT6Wg15Mr+sB3i9y+14NdfynFkct0m9LibuYFbedX3cWayIPmR7i +6TrUmnwmnBow4pJ08gzZTNvd7Y2ZVaD2udI+w6/G4NTO2ZtUfgfrXdcAYGbFZedDpuG 9A2JTLUfsFyHqrg0K7OjNO3mUCpqVRU0HPzhY0ZWSutF+XAIyDGGv+Bd1+8tEl2T9hzh Q0tFenbfeyfsvOkKhEg+pCKxphmANaarkzVBb/cuySXMryAUNTbruE2qVqLHKhrES6mj IYcvV0PNMS4zc2YZdRXrEYesPii780ppJXHYjYdgebtrrEIl/uB5eJkUMlg3pqFBdq2V iFmQ==
X-Gm-Message-State: AOAM530VAtajCe10QRZjUGwuKmpAUab3MwZIWwwQfcKgqGcrmooXzq5u gVofAPFp8NdYCpMDu5TUeQ5DoVDULyeYrCGIhGA=
X-Google-Smtp-Source: ABdhPJwdH2YXfyRZKmAi6piBaVAoPvcnDrkjqzeAv1fA26rPBJ6Uk0xpW0sf/xe+grx/KHc/tGQGcgUV+laNTf01rn8=
X-Received: by 2002:a05:6830:13c1:: with SMTP id e1mr17718743otq.191.1593713348584; Thu, 02 Jul 2020 11:09:08 -0700 (PDT)
MIME-Version: 1.0
References: <159349149991.12516.12036430886387047884@ietfa.amsl.com> <FEE410F9-240F-4401-99CF-A2FC54DFE095@oracle.com> <CAMGpriWpER-pzH+Nfer=OSZKbU-cUJ9Arqsk1rxZU-72dWy1sg@mail.gmail.com> <AA6DCFBF-2B7E-45FE-B770-22B4E3B68446@oracle.com>
In-Reply-To: <AA6DCFBF-2B7E-45FE-B770-22B4E3B68446@oracle.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Thu, 02 Jul 2020 11:08:57 -0700
Message-ID: <CAMGpriV3F2f+Tk8QWaWie4DB55on0rG7Knip+bAvZzZyBR+T3Q@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-rpc-tls@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, David Noveck <davenoveck@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/SC-z83E254jlexSjM5ysFyWWSZQ>
Subject: Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 18:09:11 -0000

Chuck,

On Thu, Jul 2, 2020 at 8:30 AM Chuck Lever <chuck.lever@oracle.com> wrote:
>
> Hi Erik-
>
> > On Jul 1, 2020, at 3:24 PM, Erik Kline <ek.ietf@gmail.com> wrote:
> >
> >>> * What mechanism guarantees that (D)TLS traffic can always and easily be
> >>> distinguished from RPC traffic on the same port?
> >>
> >> The document does not specify any mechanism for making that distinction
> >> for UDP. The server would have to match ingress datagrams that appear to
> >> be DTLS traffic to existing DTLS session state. The server treats datagrams
> >> that fail to match as RPC messages.
> >>
> >> For TCP, once a TLS session is established on a connection, the client is
> >> forbidden from mixing TLS traffic with unprotected traffic on that
> >> connection. To send unprotected traffic after establishing a session, a
> >> client would have to establish a separate TCP connection that does not
> >> have a TLS session.
> >
> > This might be something worth a few sentences.
>
> I agree that the DTLS case needs some guidance language because there
> are socket resources shared between protected and unprotected datagrams.
>
> OLD:
>
>    DTLS support for an RPC program on a particular port.  It then
>    negotiates a DTLS session.
>
>    Multi-homed RPC clients and servers may send protected RPC messages
>    via network interfaces that were not involved in the handshake that
>
> NEW:
>
>    DTLS support for an RPC program on a particular port.  It then
>    negotiates a DTLS session.
>
>    The current document does not specify a mechanism that enables a
>    server to distinguish between DTLS traffic and unprotected RPC
>    traffic directed to the same port.  To make this distinction, each
>    peer matches ingress datagrams that appear to be DTLS traffic to
>    existing DTLS session state.  A peer treats any datagram that
>    fails the matching process as an RPC message.
>
>    Multi-homed RPC clients and servers may send protected RPC messages
>    via network interfaces that were not involved in the handshake that

LGTM, thank you.

> However I'm not so sure about the TCP case. Why would a client want to
> send a mix of protected and unprotected traffic on the same connection?
> In any event, I propose this addition:
>
> OLD:
>
>    server will subsequently reject the same RPC program on a different
>    TCP connection.
>
>    Reverse-direction operation occurs only on connected transports such
>    as TCP (see Section 2 of [RFC8166]).  To protect reverse-direction
>    RPC operations, the RPC server does not establish a separate TLS
>    session on the TCP connection, but instead uses the existing TLS
>    session on that connection to protect these operations.
>
> NEW:
>
>    server will subsequently reject the same RPC program on a different
>    TCP connection.
>
>    Once a TLS session is established on a connection, TLS forbids the
>    client from mixing session-protected traffic with unprotected RPC
>    traffic on that connection.  To exchange unprotected RPC traffic with
>    a server while a TLS session is established, the client establishes a
>    separate TCP connection that does not have a TLS session.
>
>    Reverse-direction operation occurs only on connected transports such
>    as TCP (see Section 2 of [RFC8166]).  To protect reverse-direction
>    RPC operations, the RPC server does not establish a separate TLS
>    session on the TCP connection, but instead uses the existing TLS
>    session on that connection to protect these operations.

I hadn't thought about trying to mix protected and unprotected
traffic.  This new text seems good though, thank you.

I was more curious about text for how a TCP RPC server identifies TLS
ClientHello from the first of possibly several unencrypted RPCs after
the 3WHS.  And it seems like the same "try to parse a ClientHello else
try to parse an ONC RPC message"  is the recommended approach
(analogous to DTLS above)?  It was a statement to this effect that I
was after.

> >>> [[ nits ]]
> >>>
> >>> [ section 5.1.1 ]
> >>>
> >>> * "When operation is complete" ... In addition to a grammar tweak, you
> >>> might repeat a few choice words from section 7.2 about the ability to
> >>> send multiple requests over a connection.
> >>
> >> I don't understand this comment. Section 7.2 is about user privilege
> >> separation. What did you have in mind?
> >
> > I was just thinking that it would be useful to add a sentence to
> > dispel any ideas that it's a "one TLS connection, one request" system.
> > 7.2 explicitly talks about sending multiple requests per session:
> >
> > """
> >   Moreover, client implementations are free to transmit RPC requests
> >   for more than one RPC user using the same TLS session.
> > """
>
> The Section 7.2 language assumes one TCP connection is used for many
> RPC transactions because that's an optimization that's common to
> existing RPC-over-TCP client implementations.
>
> The point of 7.2 is that there is a security-related reason why this
> optimization is not appropriate. A distinct TLS session is needed for
> each security domain on a client (think client multi-tenancy). That
> is orthogonal to the general case you are thinking of.
>
> Though not a typical use case, it's totally valid to establish a TLS
> session for one or a handful of RPC operations. But I think what you
> are saying is the document might be read to suggest a TLS(TCP) session
> is valid for the exchange of only one RPC transaction, and of course
> that is not at all the case.
>
> I propose the following change to Section 4.1, but perhaps more is
> needed:
>
> OLD:
>
>    Once the TLS session handshake is complete, the RPC client and server
>    have established a secure channel for communicating.  A successful
>    AUTH_TLS probe on one particular port/transport tuple never implies
>    RPC-over-TLS is available on that same server using a different port/
>    transport tuple.
>
> NEW:
>
>    Once the TLS session handshake is complete, the RPC client and server
>    have established a secure channel for exchanging RPC transactions.  A
>    successful AUTH_TLS probe on one particular port/transport tuple
>    never implies RPC-over-TLS is available on that same server using a
>    different port/transport tuple.

"transactions" here is plural; it implies to me "more than one over
the lifetime of the channel".  Perfect.

> I hope the following change addresses the grammar error you noticed:
>
> OLD:
>
>    When operation is complete, an RPC peer terminates a TLS session by
>    sending a TLS Closure Alert and may then close the TCP connection.
>
> NEW:
>
>    When operation is complete, an RPC peer terminates a TLS session by
>    sending a TLS Closure Alert.  It may then close the TCP connection.

I was thinking of something like s/When operation is complete/When all
operations are complete/.

Sort of related: I'm not sufficiently familiar with RPC over TCP: does
a client ever close a TCP session while there are RPCs in flight (i.e.
as a matter of normal operations and not extraordinary circumstances)?
 If so, "... are complete" above might not be strictly correct.  I'll
defer to y'all.

Thanks,
-ek

v2.23.0 | Report a Bug | By Email