Re: [nfsv4] Roman Danyliw's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)

Chuck Lever <chuck.lever@oracle.com> Tue, 07 July 2020 17:23 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62BA13A1162; Tue, 7 Jul 2020 10:23:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ye0fOUYLjpoO; Tue, 7 Jul 2020 10:23:04 -0700 (PDT)
Received: from aserp2120.oracle.com (aserp2120.oracle.com [141.146.126.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37A8E3A1164; Tue, 7 Jul 2020 10:23:03 -0700 (PDT)
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 067Gv1p1045577; Tue, 7 Jul 2020 17:23:01 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2020-01-29; bh=5nH9RIT73nb7pSxLvR7wEhK83YY+VY/4TkXf9Lb+DCk=; b=PaobZhvUPa/QmYduu2kb/kR15ds2D/B/5B7frHKnAdvmNJ82WtKde/UbVVfzRl28coZc 40EAjwoJgJjZvGLoWg+eXOAwvzq3nxATQooOfjxPZp0K5uGMzM+UVX8vc3bhW7XeWR7i dG0iVotp7HD8uNRMqpdikvUjU1HEDFudgYLKvzsdh9GFfROWUQJOIfoh/WAA1jOU+siT /gHQaOGHY27z3x0389rMmtPoXpAqmn2V+EDRuWpP9zOVgEDn8G8fDy5Pt8kyYtYwfHHZ 8V5G905KQ3cyKjVXCwqietKTLWTdJ9H3dcpF30v+DGoCqMO41/orlPvod7LtyxIm1enG 4g==
Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by aserp2120.oracle.com with ESMTP id 322kv6dqtm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Tue, 07 Jul 2020 17:23:01 +0000
Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.42/8.16.0.42) with SMTP id 067GwRBG018378; Tue, 7 Jul 2020 17:21:00 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userp3030.oracle.com with ESMTP id 3233pxgt16-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 07 Jul 2020 17:21:00 +0000
Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 067HKxnG002724; Tue, 7 Jul 2020 17:20:59 GMT
Received: from anon-dhcp-153.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 07 Jul 2020 10:20:59 -0700
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <159409225571.12966.1097397622994927028@ietfa.amsl.com>
Date: Tue, 07 Jul 2020 13:20:57 -0400
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-rpc-tls@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B6809FC-7F22-4D04-869B-39E423733CFD@oracle.com>
References: <159409225571.12966.1097397622994927028@ietfa.amsl.com>
To: Roman Danyliw <rdd@cert.org>
X-Mailer: Apple Mail (2.3445.104.14)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9675 signatures=668680
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 adultscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 bulkscore=0 phishscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007070119
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9675 signatures=668680
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 lowpriorityscore=0 bulkscore=0 malwarescore=0 suspectscore=0 mlxlogscore=999 phishscore=0 spamscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 mlxscore=0 adultscore=0 cotscore=-2147483648 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2004280000 definitions=main-2007070119
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/U7BVWtHUSRd-ucqYrNqceGrEyh0>
Subject: Re: [nfsv4] Roman Danyliw's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jul 2020 17:23:07 -0000

Hi Roman -

I'll address Section 1 and 4 in this reply, and follow up with the other
Sections in subsequent replies.


> On Jul 6, 2020, at 11:24 PM, Roman Danyliw via Datatracker <noreply@ietf.org> wrote:
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thank you for addressing the early SECDIR review items (and thank you Derrell
> Piper and Alan Alan DeKok for doing them)
> 
> ** Section 1.  Per “Encryption by Default: Transport encryption can be enabled
> without … generating additional keying materials”, I’m not sure that this is
> accurate if the server and clients need to be keyed with certificates or PSK
> for TLS

The full list item reads:

   Encryption By Default:  Transport encryption can be enabled without
      additional administrative tasks such as identifying client systems
      to a trust authority, generating additional keying material, or
      provisioning a secure network tunnel.

All modes of RPC-on-TLS operation require a server key of some type.
The "additional keying material" in this case refers to client keys.
Section 4.2 specifies a mode of operation where RPC-over-TLS-enabled
clients can initiate a TLS session with an RPC-over-TLS-enabled server
even though the clients do not have a certificate.

This is meant to address deployment scalability issues with GSS, which
requires a keytab on every participating peer.

Perhaps instead of "identifying client systems to a trust authority,
generating additional keying material," the text could say "identifying
client systems to a trust authority and providing them with keying
material,".


> ** Section 4.1. Per “Policy settings on the RPC-over-TLS-enabled peer determine
> whether RPC operation continues without the use of TLS or RPC operation is not
> permitted.”, I had trouble parsing this sentence.

A previous IESG COMMENT prompted a rewrite of this sentence since -08.

The first paragraph of Section 4.1 now reads:

   The mechanism described in the current document interoperates fully
   with RPC implementations that do not support RPC-over-TLS.  When an
   RPC-over-TLS-enabled peer encounters a peer that does not support
   RPC-over-TLS, policy settings on the RPC-over-TLS-enabled peer
   determine whether RPC operation continues without the use of TLS, or
   RPC operation is not permitted.


> ** Section 4.1.  Per “RPC operation can continue …”, it might be worth
> repeating what was stated earlier that  “[t]he RPC operation can continue if
> permitted by local policy …”

How about:

OLD:

   Conversely, if the Reply's reply_stat is not MSG_ACCEPTED, if its
   verifier flavor is not AUTH_NONE, or if its verifier does not contain
   the "STARTTLS" token, the RPC client MUST NOT send a "ClientHello"
   message.  RPC operation can continue, however it will be without any
   confidentiality, integrity or authentication protection from (D)TLS.

NEW:

   Conversely, if the Reply's reply_stat is not MSG_ACCEPTED, if its
   verifier flavor is not AUTH_NONE, or if its verifier does not contain
   the "STARTTLS" token, the RPC client MUST NOT send a "ClientHello"
   message.  RPC operation may continue, depending on local policy, but
   without confidentiality, integrity, or peer authentication protection
   from (D)TLS.

[ ... snipped ... ]

> ** Editorial Nits:
> -- Section 5.  Typo. s/Similary/Similarly/
> 
> -- Section 7.1.2. Typo. s/connnection/connection/

Fixed, thanks.


--
Chuck Lever