Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)
Erik Kline <ek.ietf@gmail.com> Thu, 02 July 2020 18:09 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E0803A095D; Thu, 2 Jul 2020 11:09:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJF-sAYqnvz1; Thu, 2 Jul 2020 11:09:09 -0700 (PDT)
Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C13E3A095B; Thu, 2 Jul 2020 11:09:09 -0700 (PDT)
Received: by mail-ot1-x331.google.com with SMTP id g37so1067167otb.9; Thu, 02 Jul 2020 11:09:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FYP0xx1Oo5q4060/EFNVx1dt/2h139YOwcIC0gF/ztY=; b=Q8DUFVbyd/81qe2hDsNOAD7dctyP4SADi474wS7KUc1mT/AmBXTM62KKqJLsIPARWs TSMY07+exFdhRlUOgStI7f/gJs0t/Mgrks4GivmgQHSQrRU++DjmQ08SbCnLgJ9O6d1m NTiq33XX66fjnTqD+gsbofYj3y1GH37iAS4TFMW49okWn9KDzmFnADGyI4nR+EOp3AXw qVcuoukZHfLUxcbcQnDjIMPz/CutP4G5nwrUXhOXOhzJjm/Qci+51Cg2GC+4rzdDvUAa DAUU9fa3sjq553nAELD8ZtsRPNC4oi4yH20H9EH5MwK8LAZUIsw8P8Qy7/psnk90VeLf ss7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FYP0xx1Oo5q4060/EFNVx1dt/2h139YOwcIC0gF/ztY=; b=dSyVoZ08zYYmo1kT6Wg15Mr+sB3i9y+14NdfynFkct0m9LibuYFbedX3cWayIPmR7i +6TrUmnwmnBow4pJ08gzZTNvd7Y2ZVaD2udI+w6/G4NTO2ZtUfgfrXdcAYGbFZedDpuG 9A2JTLUfsFyHqrg0K7OjNO3mUCpqVRU0HPzhY0ZWSutF+XAIyDGGv+Bd1+8tEl2T9hzh Q0tFenbfeyfsvOkKhEg+pCKxphmANaarkzVBb/cuySXMryAUNTbruE2qVqLHKhrES6mj IYcvV0PNMS4zc2YZdRXrEYesPii780ppJXHYjYdgebtrrEIl/uB5eJkUMlg3pqFBdq2V iFmQ==
X-Gm-Message-State: AOAM530VAtajCe10QRZjUGwuKmpAUab3MwZIWwwQfcKgqGcrmooXzq5u gVofAPFp8NdYCpMDu5TUeQ5DoVDULyeYrCGIhGA=
X-Google-Smtp-Source: ABdhPJwdH2YXfyRZKmAi6piBaVAoPvcnDrkjqzeAv1fA26rPBJ6Uk0xpW0sf/xe+grx/KHc/tGQGcgUV+laNTf01rn8=
X-Received: by 2002:a05:6830:13c1:: with SMTP id e1mr17718743otq.191.1593713348584; Thu, 02 Jul 2020 11:09:08 -0700 (PDT)
MIME-Version: 1.0
References: <159349149991.12516.12036430886387047884@ietfa.amsl.com> <FEE410F9-240F-4401-99CF-A2FC54DFE095@oracle.com> <CAMGpriWpER-pzH+Nfer=OSZKbU-cUJ9Arqsk1rxZU-72dWy1sg@mail.gmail.com> <AA6DCFBF-2B7E-45FE-B770-22B4E3B68446@oracle.com>
In-Reply-To: <AA6DCFBF-2B7E-45FE-B770-22B4E3B68446@oracle.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Thu, 02 Jul 2020 11:08:57 -0700
Message-ID: <CAMGpriV3F2f+Tk8QWaWie4DB55on0rG7Knip+bAvZzZyBR+T3Q@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-rpc-tls@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, David Noveck <davenoveck@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/SC-z83E254jlexSjM5ysFyWWSZQ>
Subject: Re: [nfsv4] Erik Kline's No Objection on draft-ietf-nfsv4-rpc-tls-08: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2020 18:09:11 -0000
Chuck, On Thu, Jul 2, 2020 at 8:30 AM Chuck Lever <chuck.lever@oracle.com> wrote: > > Hi Erik- > > > On Jul 1, 2020, at 3:24 PM, Erik Kline <ek.ietf@gmail.com> wrote: > > > >>> * What mechanism guarantees that (D)TLS traffic can always and easily be > >>> distinguished from RPC traffic on the same port? > >> > >> The document does not specify any mechanism for making that distinction > >> for UDP. The server would have to match ingress datagrams that appear to > >> be DTLS traffic to existing DTLS session state. The server treats datagrams > >> that fail to match as RPC messages. > >> > >> For TCP, once a TLS session is established on a connection, the client is > >> forbidden from mixing TLS traffic with unprotected traffic on that > >> connection. To send unprotected traffic after establishing a session, a > >> client would have to establish a separate TCP connection that does not > >> have a TLS session. > > > > This might be something worth a few sentences. > > I agree that the DTLS case needs some guidance language because there > are socket resources shared between protected and unprotected datagrams. > > OLD: > > DTLS support for an RPC program on a particular port. It then > negotiates a DTLS session. > > Multi-homed RPC clients and servers may send protected RPC messages > via network interfaces that were not involved in the handshake that > > NEW: > > DTLS support for an RPC program on a particular port. It then > negotiates a DTLS session. > > The current document does not specify a mechanism that enables a > server to distinguish between DTLS traffic and unprotected RPC > traffic directed to the same port. To make this distinction, each > peer matches ingress datagrams that appear to be DTLS traffic to > existing DTLS session state. A peer treats any datagram that > fails the matching process as an RPC message. > > Multi-homed RPC clients and servers may send protected RPC messages > via network interfaces that were not involved in the handshake that LGTM, thank you. > However I'm not so sure about the TCP case. Why would a client want to > send a mix of protected and unprotected traffic on the same connection? > In any event, I propose this addition: > > OLD: > > server will subsequently reject the same RPC program on a different > TCP connection. > > Reverse-direction operation occurs only on connected transports such > as TCP (see Section 2 of [RFC8166]). To protect reverse-direction > RPC operations, the RPC server does not establish a separate TLS > session on the TCP connection, but instead uses the existing TLS > session on that connection to protect these operations. > > NEW: > > server will subsequently reject the same RPC program on a different > TCP connection. > > Once a TLS session is established on a connection, TLS forbids the > client from mixing session-protected traffic with unprotected RPC > traffic on that connection. To exchange unprotected RPC traffic with > a server while a TLS session is established, the client establishes a > separate TCP connection that does not have a TLS session. > > Reverse-direction operation occurs only on connected transports such > as TCP (see Section 2 of [RFC8166]). To protect reverse-direction > RPC operations, the RPC server does not establish a separate TLS > session on the TCP connection, but instead uses the existing TLS > session on that connection to protect these operations. I hadn't thought about trying to mix protected and unprotected traffic. This new text seems good though, thank you. I was more curious about text for how a TCP RPC server identifies TLS ClientHello from the first of possibly several unencrypted RPCs after the 3WHS. And it seems like the same "try to parse a ClientHello else try to parse an ONC RPC message" is the recommended approach (analogous to DTLS above)? It was a statement to this effect that I was after. > >>> [[ nits ]] > >>> > >>> [ section 5.1.1 ] > >>> > >>> * "When operation is complete" ... In addition to a grammar tweak, you > >>> might repeat a few choice words from section 7.2 about the ability to > >>> send multiple requests over a connection. > >> > >> I don't understand this comment. Section 7.2 is about user privilege > >> separation. What did you have in mind? > > > > I was just thinking that it would be useful to add a sentence to > > dispel any ideas that it's a "one TLS connection, one request" system. > > 7.2 explicitly talks about sending multiple requests per session: > > > > """ > > Moreover, client implementations are free to transmit RPC requests > > for more than one RPC user using the same TLS session. > > """ > > The Section 7.2 language assumes one TCP connection is used for many > RPC transactions because that's an optimization that's common to > existing RPC-over-TCP client implementations. > > The point of 7.2 is that there is a security-related reason why this > optimization is not appropriate. A distinct TLS session is needed for > each security domain on a client (think client multi-tenancy). That > is orthogonal to the general case you are thinking of. > > Though not a typical use case, it's totally valid to establish a TLS > session for one or a handful of RPC operations. But I think what you > are saying is the document might be read to suggest a TLS(TCP) session > is valid for the exchange of only one RPC transaction, and of course > that is not at all the case. > > I propose the following change to Section 4.1, but perhaps more is > needed: > > OLD: > > Once the TLS session handshake is complete, the RPC client and server > have established a secure channel for communicating. A successful > AUTH_TLS probe on one particular port/transport tuple never implies > RPC-over-TLS is available on that same server using a different port/ > transport tuple. > > NEW: > > Once the TLS session handshake is complete, the RPC client and server > have established a secure channel for exchanging RPC transactions. A > successful AUTH_TLS probe on one particular port/transport tuple > never implies RPC-over-TLS is available on that same server using a > different port/transport tuple. "transactions" here is plural; it implies to me "more than one over the lifetime of the channel". Perfect. > I hope the following change addresses the grammar error you noticed: > > OLD: > > When operation is complete, an RPC peer terminates a TLS session by > sending a TLS Closure Alert and may then close the TCP connection. > > NEW: > > When operation is complete, an RPC peer terminates a TLS session by > sending a TLS Closure Alert. It may then close the TCP connection. I was thinking of something like s/When operation is complete/When all operations are complete/. Sort of related: I'm not sufficiently familiar with RPC over TCP: does a client ever close a TCP session while there are RPCs in flight (i.e. as a matter of normal operations and not extraordinary circumstances)? If so, "... are complete" above might not be strictly correct. I'll defer to y'all. Thanks, -ek
- [nfsv4] Erik Kline's No Objection on draft-ietf-n… Erik Kline via Datatracker
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Chuck Lever
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Erik Kline
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Chuck Lever
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Erik Kline
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Chuck Lever
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Chuck Lever
- Re: [nfsv4] Erik Kline's No Objection on draft-ie… Erik Kline