IETF Logo Mail Archive

Re: [nfsv4] Security document - sense of the working group

Thomas Haynes <loghyr@gmail.com> Wed, 31 January 2024 17:31 UTC

Return-Path: <loghyr@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA8B7C14F68C for <nfsv4@ietfa.amsl.com>; Wed, 31 Jan 2024 09:31:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvSa3uSa5h0n for <nfsv4@ietfa.amsl.com>; Wed, 31 Jan 2024 09:31:04 -0800 (PST)
Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4560CC14F682 for <nfsv4@ietf.org>; Wed, 31 Jan 2024 09:31:04 -0800 (PST)
Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-1d8a66a2976so48309545ad.2 for <nfsv4@ietf.org>; Wed, 31 Jan 2024 09:31:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706722263; x=1707327063; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=Dd4FEpGL1JXI3UEmpsb8KDytHrU+YPUs7w+Vago0qMM=; b=fF8w06thG7oAGrfF12+3BDT99Tcan94mAyhJ+Opqvi5fJRYh3SJHT6GunLaZPOjjn/ wI7OPy4YDOmJoDAkgLnfh92ru1FQrIu56pHv5OtzjiOar2neFDWm+3bxYYdSSI5EjKBn +jvALXqBG4RXSZheRmH4NQaLHAqgRCJMPgx1+qFFGLQmBWJcCSBOrpc/qwQbS0/lY7Vs 8ktk8bC8NrboJG2KO0xlyL0ZCqC71H5v7QZa+zRvsJ1S+AWD1vRukVF2FAqjdAyUYqDd 62ihF00S46snverX0GYF0QnGqxbQZwdhmuKWoOdRfJh2fp7rHGKsS2J/JITSCGEW+b4c X6qA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706722263; x=1707327063; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Dd4FEpGL1JXI3UEmpsb8KDytHrU+YPUs7w+Vago0qMM=; b=MDTGiuQU6iNxKsBT64GQcXt5jzZO8vK9UKkxgrjE0j5/N6V8ZoT3MXKurdupBWMH3k nAJdJFGGZOr88Y5bZo53B62pKB13/XMWDf3tpq7kmOnbnVDDo3VabiIkuyrj2mMSJVw9 /oI4S6Ieeei/yQt2P3J5aqhy9a4h/kHcEuFfDiy7jX6z4x8H09S9oU2s2tbDD/JRgcFA SHj/qwy9ObeKq8gZoSe1YkxafjwuV6sQpvhowIztNsI/NiBfeieOgnePbHvFHrv3MBBs /i3k2ReU1czI0TuerKIsnt+gk6WEiYERuY1fwU7b5F1c0afqaPrvTruQ9v6t6Q2ACEs8 65Ow==
X-Gm-Message-State: AOJu0YxjSuobl5P0K4/psgCpQJ9HG0sRqRvca3E3LD4xfGB5ZVW1sWJ7 7lSRcX0LmmD62advIt/ihk6BfmW0VHFaA0LpseDcswq/B6h/6e2t
X-Google-Smtp-Source: AGHT+IE7c48r5Pzy8JbcTXb9CbR/Ue36vwxUODGuI2u2uheHmRk59Ex/BKPImw1/bKRAwDL562jNVg==
X-Received: by 2002:a17:902:f68d:b0:1d6:f7b9:8cf9 with SMTP id l13-20020a170902f68d00b001d6f7b98cf9mr3067110plg.10.1706722263179; Wed, 31 Jan 2024 09:31:03 -0800 (PST)
Received: from smtpclient.apple ([12.27.99.197]) by smtp.gmail.com with ESMTPSA id kf16-20020a17090305d000b001d8ee2884c6sm5263949plb.218.2024.01.31.09.31.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 31 Jan 2024 09:31:02 -0800 (PST)
From: Thomas Haynes <loghyr@gmail.com>
Message-Id: <4E40F1B2-0AFD-403D-B104-82B6FD617FB9@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C30C4EA5-0E7B-44AF-A5BD-20E4BDE9BA82"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Wed, 31 Jan 2024 09:30:50 -0800
In-Reply-To: <CADaq8jcqe1yMQTjVzECvFfjSFdjMGpDH6UxkyYH_e31w++K9rA@mail.gmail.com>
Cc: Chris Inacio <inacio@cert.org>, NFSv4 <nfsv4@ietf.org>, Pranoop Reddy Erasani <Pranoop.Erasani@netapp.com>
To: David Noveck <davenoveck@gmail.com>
References: <7CFC98DA-BFC3-462D-861E-009BCE960F1C@cert.org> <CA49B26F-0F81-4290-8EEF-7FDE5B250CA1@gmail.com> <CADaq8jcqe1yMQTjVzECvFfjSFdjMGpDH6UxkyYH_e31w++K9rA@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.400.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/SU9JJ2X9UrrCRAV8Tmyx1jdHy9A>
Subject: Re: [nfsv4] Security document - sense of the working group
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2024 17:31:08 -0000


> On Jan 30, 2024, at 12:02 PM, David Noveck <davenoveck@gmail.com> wrote:
> 
> 
> 
> On Tue, Jan 30, 2024 at 12:43 PM Thomas Haynes <loghyr@gmail.com <mailto:loghyr@gmail.com>> wrote:
>> 
>> 
>>> On Jan 30, 2024, at 8:22 AM, Chris Inacio <inacio@cert.org <mailto:inacio@cert.org>> wrote:
>>> 
>>> All,
>>> 
>>> The chairs would like a sense of the working group with regards to the draft-dnoveck-nfsv4-security-07 (https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/) and adoption.  Please let us know if you think the working group collectively agrees to the body of work proposed in the draft.
>>> 
>>> The sense of the chairs is that the working group does not have consensus on the scope or set of items presented in the current individual draft.  If that is the case, we would like to know what topics/items in the draft that you do support and which ones you do not believe are ready or that the WG will not be able to reach consensus on.  If there are steps that you think the working group should take towards clarity on any of those topics, the chairs are interested in hearing those too.
>>> 
>>> Thanks,
>>> NFSv4 Chairs
>>> 
>>> ----
>>> Chris Inacio
>>> inacio@cert.org <mailto:inacio@cert.org>
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> nfsv4 mailing list
>>> nfsv4@ietf.org <mailto:nfsv4@ietf.org>
>>> https://www.ietf.org/mailman/listinfo/nfsv4
>> 
>> 
>> For me, the largest issue is whether vendors are required to revamp their implementations
> 
> They are not required to do so.   If you feel I am wrong, please cite a specific instance where the existing -07 would require an existing implementation to be revamped. 
>  
>> when we effectively rewrite NFSv4.0, NFSv4.1, and NFSv4.2.
> 
> That is not what the document does.  If it did, the job would be easier.   For example, we need information on existing ACL implementations to avoid mandating incompatible changes but that work has started and willl need to be completed once the document adoption is completed.
>> 


The document leads off with this:

   The need to make major changes in the security approach for three
   Proposed Standards ([RFC7530] for NFSv4.0, [RFC8881] for NFSv4.1, and
   [RFC7862] for NFSv4.2) raises troubling issues.  These changes are
   necessary as explained in Section 1.1.  These troubling issues often
   concern compatibility and compliance issues as described in
   Section 1.3.

Which strongly implies my point.

I’ll grant you that:

Although it might,
   given the security issues with AUTH_SYS, make sense to say that it
   "MUST NOT" be used in that way, the working group is very reluctant
   to retroactively declare previously compliant behavior 

Also implies such changes are not mandatory, but I would argue that the abstract/Introduction should make this clear.


>> I would propose that instead of the security changes being “backported” to the earlier versions, 
> 
> What changes are you speaking of?  Please be specific.
>  
>> we make the security document apply to all future releases.
> 
> This leaves the problem of what to say about security in the needed rfc5661bis.   I don't see how we can do a bis that either ignores security entirely  or continues to ignore the security issues with using AUTH_SYS in the clear.


So help me, we already have had RFC 8881, which is the RFC 5661bis. Why do we need another?




> 
>> 
>> Perhaps to differentiate, we make it NFSv5. I.e., NFSv5 is secure NFS.
> 
> Aside from the charter issue nightmaare this would create,, making this an entirely new protocol,, would open things up tp major XDR changes which would be a consequence of a major version change.   We don't need to do that and I don't thing the wg s prepared to do that..
> 
> We screwed some things up in this area  and need to fix our mistakes but an approach which relies on an entirely new protocol,  would inevitably brand NFSv4 as a complete failure.  I don't think we need to do that.
>> _______________________________________________
>> nfsv4 mailing list
>> nfsv4@ietf.org <mailto:nfsv4@ietf.org>
>> https://www.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email