Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-01.txt

Chuck Lever <chuck.lever@oracle.com> Mon, 24 September 2018 15:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/TChD852eRUWv4ptQeVrs62J8ezo>


> On Sep 24, 2018, at 7:55 AM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Network File System Version 4 WG of the IETF.
> 
>        Title           : File Content Provenance for Network File System version 4
>        Author          : Charles Lever
>        Filename        : draft-ietf-nfsv4-integrity-measurement-01.txt
>        Pages           : 9
>        Date            : 2018-09-24
> 
> Abstract:
>   This document specifies an OPTIONAL extension to NFS version 4 minor
>   version 2 that enables file provenance information to be conveyed
>   between NFS version 4.2 servers and clients.  File provenance
>   information authenticates the creator of a file's content and helps
>   guarantee the content's integrity from creation to use.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-01
> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/

As a result of the discussion at IETF 102 and recent follow-ups
on this mailing list, I've made substantial changes to this
document.

- References to and discussion of Linux IMA have been replaced
throughout the document, with the exception of a single citation
as an informative example in the Introduction. IMA metadata is
now referred to generically using the term "file provenance
information".

- Integrity checking of file attributes is no longer an included
feature. There were some issues that made attribute integrity
not straightforward for NFS, especially without an existing
IMA/EVM standard even for local file systems. Attribute
integrity can still be addressed at a later time.

- The Introduction now makes a problem statement and discusses
use cases instead of explaining the mechanism of file integrity
checking. The new Introduction addresses the most common
questions I've received during previous review.

Spencer D. and other reviewers:
- Have previously stated interoperability concerns been addressed?
- Have normative citation requirements been sufficiently met?

I know time is precious, but even a cursory review of this new
revision would be helpful. It's wafer-thin!

--
Chuck Lever