Re: [nfsv4] Review of draft-ief-nfsv4-integrity-measurement-04
Chuck Lever <chuck.lever@oracle.com> Tue, 21 May 2019 19:00 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F70012019F for <nfsv4@ietfa.amsl.com>; Tue, 21 May 2019 12:00:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.31
X-Spam-Level:
X-Spam-Status: No, score=-4.31 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sFPPc50xWuUn for <nfsv4@ietfa.amsl.com>; Tue, 21 May 2019 12:00:45 -0700 (PDT)
Received: from aserp2130.oracle.com (aserp2130.oracle.com [141.146.126.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEEE2120298 for <nfsv4@ietf.org>; Tue, 21 May 2019 12:00:44 -0700 (PDT)
Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4LIwmH3118954; Tue, 21 May 2019 19:00:41 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2018-07-02; bh=fVmBczVzPhwy7wixmWUrEHUT99z1v+dE2EUMMaMO4ws=; b=AGg3TWJ93BBPhoSlgvxU6KRwcLeJXamVgDwosol3Yy7eGV4h7A2YgMWrFWz+N9YzrQfl bi5aBVB/BKW9bTwEZwv1FGHXKJq+cfDVeVgB9AmOrBce3ER1rAdbGK1D0CLl3zYgh13n D9ZTI/BoVPrSXyQE4HrdMShcHGpaaKpoMqKR0MTBxALFQ+gDxbUBFm/cdgoxQhgu4Mby xApKQArel/keYlqFb8ymg8CGfC9BhjxmzOQipc5l/+qiRHrkYHcbUHHor7WthrkKqpAD R0OfTIDcPKlyqSY0nemF53M+lU5cx4qiwlwQhg5f2Fk+By4hv21mrSfoawKfmp2UPSNt jw==
Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80]) by aserp2130.oracle.com with ESMTP id 2sj7jdqptb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 21 May 2019 19:00:41 +0000
Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x4LIwpEg048266; Tue, 21 May 2019 19:00:40 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by userp3030.oracle.com with ESMTP id 2skudbjbkn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 21 May 2019 19:00:40 +0000
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x4LJ0dYR012791; Tue, 21 May 2019 19:00:39 GMT
Received: from anon-dhcp-171.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 21 May 2019 19:00:39 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <CADaq8jeKEN9MY9hs859hJxfyCjeObOR1vBdWMyjFGF9g+KhnfQ@mail.gmail.com>
Date: Tue, 21 May 2019 15:00:38 -0400
Cc: NFSv4 <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6562B008-FDA5-4DE2-B0CE-EC310F372E03@oracle.com>
References: <CADaq8jc2FoNEYHp282hxjY3EnWH7qQhF=WHomp+W9O5qf85USw@mail.gmail.com> <AACE7624-98E3-47AE-AA4F-BBD752A818AD@oracle.com> <CADaq8jeKEN9MY9hs859hJxfyCjeObOR1vBdWMyjFGF9g+KhnfQ@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9264 signatures=668687
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905210116
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9264 signatures=668687
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1905210117
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/Z96OTnrw_XB2aLJBRvIKYALNHuk>
Subject: Re: [nfsv4] Review of draft-ief-nfsv4-integrity-measurement-04
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 19:00:54 -0000
Hi Dave- > On May 21, 2019, at 5:52 AM, David Noveck <davenoveck@gmail.com> wrote: > > Thanks for the quick response. I look forward to seeing -05. > > Rather than subjecting each other (and the working group) to a > series of messages with long strings of >'s, let me try to summarize > our remaining disagreement by noting that you are uncomfortable with > my description of this as a linux-only feature and deny that this > is atypical by citing a number of other features that have only a > single implementation, in Linux. > > I agree that these features are de facto Linux-only features. I think it > is relevant to note two reasons that I consider the im stuff different, making > it, in -04 and probably in -05, a de jure Linux-client-only feature. In -00, > there was an attempt to make this client-neutral but those efforts seem > to have lapsed. Note that: > • Unlike the other features you mentioned, the word "LINUX" appears as part of the attribute name, as opposed to the use of "PROVENANCE" in -00. My interpretation of this shift is that it indicates a decision to treat this as a Linux-client-only feature, rather than one which just happens to have only a single current client implementation. I changed the name because of comments from you and Craig. I used LINUX because IMA is "specified" by the Linux implementation, not because IMA is implemented only on Linux. So let's pick a name that does not have LINUX in it. I see that RFC 8276 uses /// typedef component4 xattrkey4; /// typedef opaque xattrvalue4<>; No sign of "linux" there. I'm open to suggestions. If no-one has one, I'll use FATTR4_IMA in the next revision. > • With what is in the spec, it is impossible to write a non-Linux client implementation, because the format of the IMA metadata is not described. The attributes added by the proposed protocol extension are completely specified in this document. Any NFS client can enable access to and updates of IMA metadata using this document. Why would a client without an IMA implementation want to do this? For example, the metadata can be copied with the file's content. There is no need for any interpretation of that metadata on the copying host, it is simply an opaque blob. But not copying that blob means there is unwanted loss of information in the copy. If, for instance, the Linux IMA tool "evmctl" is ported to other operating systems (if they have xattr support), IMA metadata is exposed to user space on that OS and can be read or set via evmctl. I should mention that the changes to the Linux NFS client and server implementation do not know anything about the form of the metadata, nor do they need to. > There have been requests to provide this and it has not been provided and I'm not sure if I will ever understand why it has not. I have explained repeatedly on list why it is not possible. There is no specification for IMA, there is only an implementation. What could be cited in my document? I stated that up front when I presented during last summer's IETF meeting. This is the major issue with this document. There is no specification of IMA to cite. I have also explained why there is no need for the document to describe the metadata format: NFS acts only as a conduit, just like it does for user xattrs or file content. The metadata is not interpreted by either the NFS client or server implementation. This is the same as the local filesystem case. Local filesystems store the metadata, and a separate security module (or user space programs like evmctl) interprets it. To the local filesystem, IMA metadata is completely opaque. It is no different for NFS. [ As soon as this document provides format details, it will become the specification for IMA. I'm not sure the IETF or the WG wants to sign up for that responsibility, and IMO the Linux community would not settle for being tied down by an RFC either. ] > In any case, while the server can treat this as uninterpreted data, a client implementation cannot, I believe that is a false assertion. When I wrote "interpreted /on/ the NFS client" I meant on the host where the file content is accessed via NFS and then subsequently used. The NFS client implementation itself does not interpret the metadata any more than it cares what's in the file's byte stream. So my quibble yesterday is now a full blown objection to your characterization: Neither the NFS client implementation nor the NFS server implementation interprets IMA metadata. Both are pass- through agents. The metadata is interpreted by a separate (trusted) agent whenever the file content is read (or executed). But it is totally opaque to the NFS protocol and implementations. In this sense, IMA metadata is precisely the same as a user xattr. > so that, until this is is specified, the ima stuff is, from the client point of view, a Linux-only feature. Perhaps it is, practically speaking, but I disagree with your reasoning. I will re-write the Introduction again to clarify the above points. -- Chuck Lever
- [nfsv4] Review of draft-ief-nfsv4-integrity-measu… David Noveck
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… Chuck Lever
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… David Noveck
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… Chuck Lever
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… Chuck Lever
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… Everhart, Craig
- Re: [nfsv4] Review of draft-ief-nfsv4-integrity-m… Chuck Lever