Re: [nfsv4] Secdir last call review of draft-ietf-nfsv4-mv1-msns-update-04
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 28 February 2019 04:17 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BA9C130DD6; Wed, 27 Feb 2019 20:17:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fl2U3SZW_8Lk; Wed, 27 Feb 2019 20:17:47 -0800 (PST)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B282130ECF; Wed, 27 Feb 2019 20:17:44 -0800 (PST)
Received: by mail-lj1-x22a.google.com with SMTP id g80so15865433ljg.6; Wed, 27 Feb 2019 20:17:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=alu6GybhwFGJPekQ4uf7eA8ldHFUZuNCMBrlQobIDnk=; b=Iz3qIdm3mAtwbCikRzR5W48PxwfTEJZWCKxZLsGWxHJO6fmqSoHjQtVxNRTh77+SDY p/Olu4SrIKVu4ciIckPtv1B8YjkHbbH3B4n52yOrsFa8iIfv+Kzq634N1rmVHCDwfOIw xCR91opRfA6Ndp1YuUpGPACb7mmQWhrDTzIKciVa01XHXTD+esCRo4IDVPy5/jmikq3m spGkna7o7P8xuYZvkZ7lmlHlQOhOWKoie1V+qiSZ4QjGU2Sc/rWuRsrGgnGZoxXhvqgZ d9C3LV43yNTWZuy8F09gOxiZgVwVPlYJPAUMKis6Om70MDOmQNgUEnI1yAxO5uKa6pTU D7HA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=alu6GybhwFGJPekQ4uf7eA8ldHFUZuNCMBrlQobIDnk=; b=cGtaeOVzbjrdD66fmwwDLNSSeIIEFPpCJbrNXJVI+rPkFN6sSioE3rPOMiCA+RLrQy q+prYnuX+WrQVB0O6wDGRnGvl1puZc8lNbszObWssICNIg4sX78g4GChT+/Z2H8rbFGC EkEe0fFH6OBIR2zgnR83VArlxe+7ltzMGd23ipBEeEXz5ZAwQf0QQ9lu7mHzFtBs/B38 C1T355wK4IU73dkTC4y8velKvxuItAPR4nnglK1Bwu+29UUchCHpw77FZRtWU4UkhUpA fb2jnNZe1ogZrTE8mutWhapEwot5cwzwWAx7NVZNt+sa3XOpiFn1HeXamhGk0TIAqCD8 1fuQ==
X-Gm-Message-State: APjAAAVbGtSHbXGPzUeArzCtASA5b8B/bukB53Oz0q4J/85hv7qDwuqK 9DNyiXgaUUi5PYSb6wk8DBDAMY/Py8n5v0YZwXUtzw==
X-Google-Smtp-Source: AHgI3IalwSHv/mD2gSaP7zP9AXWkzFZUjXii2TpG2UnTNARYOFdEU/sp1VMs7Wh3Ut2xXASINKTCjjaNgiSspwnF9cY=
X-Received: by 2002:a2e:890b:: with SMTP id d11mr3591961lji.174.1551327461948; Wed, 27 Feb 2019 20:17:41 -0800 (PST)
MIME-Version: 1.0
References: <155128908237.14053.17188619727012241844@ietfa.amsl.com>
In-Reply-To: <155128908237.14053.17188619727012241844@ietfa.amsl.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 27 Feb 2019 22:17:29 -0600
Message-ID: <CAKKJt-f4eoabdzaCUGsrM5ybpjCH5XmmnaEkpSvi1frE3Z1BGQ@mail.gmail.com>
To: draft-ietf-nfsv4-mv1-msns-update.all@ietf.org
Cc: NFSv4 <nfsv4@ietf.org>, sean+ietf@sn3rd.com
Content-Type: multipart/alternative; boundary="0000000000004cc2f30582ec92cc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/X2DL7oazZz2Nz5Hp5vcVTxFdGFE>
Subject: Re: [nfsv4] Secdir last call review of draft-ietf-nfsv4-mv1-msns-update-04
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 04:17:49 -0000
It would be awesome to respond to this secdir request soon, because the document is on next week's telechat, and that's the last telechat before I step down as responsible AD. For what that's worth. But make good choices! Spencer On Wed, Feb 27, 2019, 11:38 Sean Turner <sean@sn3rd.com> wrote: > Reviewer: Sean Turner > Review result: Has Issues > > This draft updates NFSv4.1 to correct handling of the fs_locations and > fs_locations_info attributes; NFSv4.1 weighs in at 617 pages and this > draft weighs in a relatively spry 106; let’s say I was really, really > hoping > for some multi-page ASCII art, but also no pretty much all text. The > draft does a good job of explaining what’s being replaced and why, but > I have to say that I did not check all of section pointers. These > instructions will really help when work on a fully revised NFS RFC gets > going. Unfortunately for me, I do not have NFSv4.1 in my head so let’s > just say that I did my best … > > Summary: This draft is probably worthy of some type of DISCUSS based > on the following: > > 0) The big issue being addressed in the security considerations is the fact > that RPSEC_GSS is must support not must use and the other mechanism > referred to by RFC 5661 are: > > - AUTH_NONE - nada authentication > > - AUTH_SYS as described in Appendix A is known to be insecure due to > the lack of a verifier to permit the credential to be validated. > AUTH_SYS SHOULD NOT be used for services that permit clients to > modify data. AUTH_SYS MUST NOT be specified as RECOMMENDED or > REQUIRED for any Standards Track RPC service. > > - AUTH_DH as mentioned in Sections 8.2 and 13.4.2 is considered > obsolete and insecure; see [RFC2695]. AUTH_DH SHOULD NOT be used for > services that permit clients to modify data. AUTH_DH MUST NOT be > specified as RECOMMENDED or REQUIRED for any Standards Track RPC > service. > > So what do you do when RFC 5661 says: > The fetching of attributes containing file system location > information SHOULD be performed using RPCSEC_GSS with integrity > protection, > And, you don’t now change to MUST use RPSEC_GSS? Well I think at a > minimum you should do some 2119 language: > > 0) s16 (after the bullets): 2119 this should: > > In light of the above, a server should present file system > location entries that correspond to file systems on other servers > using a host name. > > 1) s16 (2nd para after the bullets): 2199 this SHOULD NOT: > > As a > result, the client should not use such unverified location entries > as a basis for migration, even though RPCSEC_GSS might be > available on the destination. > > 2) s16 (last bullet): 2119 this should: > > Where the use of the returned information cannot be > avoided, it should be subject to filtering to eliminate the > possibility that the client would treat an invalid address as > if it were a NFSv4 server. > > And, I guess since AUTH_SYS is insecure can I suggest a friendly > amendment to the following sentence: > > OLD: > The use of requests issued without RPCSEC_GSS (i.e. using > AUTH_SYS), while undesirable, may not be avoidable in all > cases. > > NEW: > > The use of requests issued without RPCSEC_GSS (i.e. using > the known to be insecure AUTH_SYS), while undesirable and > Insecure, may not be avoidable in all cases. > > It’s probably also worth discussing whether s14.3 should drop > support for includes id-sha1. > > > These are the nits: > > 0) Update to use new 2119 paragraph: > > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and > "OPTIONAL" in this document are to be interpreted as described in BCP > 14 [RFC2119] [RFC8174] when, and only when, they appear in all > capitals, as shown here. > > 1) s3.1 (wordy): r/since the > ports to be used for various types of connections might be > required to be different/since the > ports to be used for various types of connections might be > different. > > 2) s3.1 (missing period): r/Two such addresses support the use of clientid > ID trunking, as described in [RFC5661]/Two such addresses support the > use of clientid > ID trunking, as described in [RFC5661]. > > 3) s4.2 (missing word): r/which may accessed/which may be accessed > > 4) s4.3 (1st sentence): Not sure the 2119-RECOMMENDED is needed. > > 5) s4.3 (penultimate para): Seems like r/should/SHOULD. > > 6) s4.5: r/present , is/present, is > > 7) s4.5: Note sure you need the parenthetical in the following: > a server may (but is not required to) > > 8) s4.5.4: r/In the event that server failures,/In the event that > server fails, > or > r/In the event that server failures,/In the event of server failures, > > 9) s12.2.3: replace ietf.org with example.org (not supposed to use > real domains even if it is “ours”). > > 10) s16 (3rd bullet): Why is requirement is caps? > >
- [nfsv4] Secdir last call review of draft-ietf-nfs… Sean Turner
- Re: [nfsv4] Secdir last call review of draft-ietf… Spencer Dawkins at IETF
- Re: [nfsv4] Secdir last call review of draft-ietf… David Noveck
- Re: [nfsv4] Secdir last call review of draft-ietf… David Noveck
- Re: [nfsv4] Secdir last call review of draft-ietf… Spencer Dawkins at IETF
- Re: [nfsv4] Secdir last call review of draft-ietf… Brian E Carpenter