Re: [nfsv4] Fwd: New Version Notification for draft-haynes-nfsv4-flex-filesv2-00.txt

Benjamin Kaduk <kaduk@mit.edu> Tue, 08 August 2017 20:32 UTC

Date: Tue, 08 Aug 2017 15:31:45 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Olga Kornievskaia <aglo@citi.umich.edu>
Cc: Trond Myklebust <trondmy@gmail.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>, Thomas Haynes <loghyr@primarydata.com>
Message-ID: <20170808203145.GS70977@kduck.kaduk.org>
References: <150215110527.12392.18161698955589691126.idtracker@ietfa.amsl.com> <2CA259E3-BD3A-482B-BFBF-3B90425AD3EA@primarydata.com> <CAN-5tyETNMCPVC5wJ-_77vM5+hVB+-uasd37kn+M=hoCeK6P7w@mail.gmail.com> <CAABAsM6rmrDU4BR6Ho7YFjjYA2amEkwuRGtzN537VXUZ-Eh-hg@mail.gmail.com> <20170808185803.GQ70977@kduck.kaduk.org> <CAABAsM7xOpbopPa3v1YMtfcFZbNZ=Jygap37Bg6qGfDDAvRHhQ@mail.gmail.com> <CAN-5tyHz1cqSWyv1hVMvzaqSr1W0V0_drz3BvzxHWDyM5w+spw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CAN-5tyHz1cqSWyv1hVMvzaqSr1W0V0_drz3BvzxHWDyM5w+spw@mail.gmail.com>
User-Agent: Mutt/1.8.3 (2017-05-23)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Ux6oMOXIZQo3sw6DH-F1knv-tbs>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-haynes-nfsv4-flex-filesv2-00.txt

On Tue, Aug 08, 2017 at 04:05:35PM -0400, Olga Kornievskaia wrote:
> On Tue, Aug 8, 2017 at 3:37 PM, Trond Myklebust <trondmy@gmail.com> wrote:
> >
> >
> > On 8 August 2017 at 14:58, Benjamin Kaduk <kaduk@mit.edu> wrote:
> >>
> >> On Tue, Aug 08, 2017 at 02:54:58PM -0400, Trond Myklebust wrote:
> >> > Why pass Kerberos tickets around? Is there any reason not to just pass an
> >> > initialised RPCSEC_GSS session handle?
> >>
> >> There's not a standard serialization of the GSS security context object
> >> that it contains, for transfer across the network.
> >
> >
> > I thought rfc1964 provides one, which is pretty much the basis for the user
> > library gss_krb5_lucid_context_v1_t typedef. Am I mistaken?
> 
> We have the case of chicken before the egg problem here.
> 
> Client has to send an AP_REQ to the server. He needs a ticket for
> that. After the gss dance with the data server gss_krb5_lucid_context
> is created.

I think the proposal is that the MDS would send the AP_REQ, and generate a lucid
context to send to the client.  If the MDS also sends the RPCSEC handle,
the data server ought to be able to associate that with the same GSS security
context established by the MDS and handle RPCs from the client, even
though the peer's network address (as seen by the data server) has changed from
being the MDS to being the client.

-Ben