[nfsv4] questions w.r.t RPC-over-TLS draft

Rick Macklem <rmacklem@uoguelph.ca> Mon, 20 January 2020 00:30 UTC

From: Rick Macklem <rmacklem@uoguelph.ca>
To: "nfsv4@ietf.org" <nfsv4@ietf.org>
Date: Mon, 20 Jan 2020 00:30:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/_9-BDiEx_94gQSEYl6iuunM1gsw>
Subject: [nfsv4] questions w.r.t RPC-over-TLS draft

Hi,

I've started implementing RPC-over-TLS for NFS and have run into a couple
of questions related to the draft (#4, I haven't downloaded #5).

1 - Given this description...
   The flavor value of the verifier received in the reply message from
   the server MUST be AUTH_NONE.  The bytes of the verifier's string
   encode the fixed ASCII characters "STARTTLS".

Is the verifier coded as:
A:   verifier length: 8
      bytes STARTTLS
OR
B:   verifier length: 12
      string length: 8
      bytes STARTTLS

i.e., is there supposed to be a string length as coded by xdr_string() in the
verifier? (It is the words "verifier string" in the above that I find confusing.)

Then there is this sentence...
   AUTH_ERROR.  If the client sends a STARTTLS after it has sent other
   non-encrypted RPC traffic or after a TLS session has already been
   negotiated, the server MUST silently discard it.

Does "other non-encrypted RPC traffic" refer specifically to traffic between
the NULL RPC with AUTH_TLS and the STARTTLS or does it refer to non-NULL RPC traffic or??

Thanks for any clarification of this, rick
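
The two candidate wire layouts from question 1, written out as an added example (not part of the original message or the draft). It assumes the standard `opaque_auth` layout from RFC 5531 (flavor, then a length-prefixed opaque body) and XDR integer encoding from RFC 4506; the function names are hypothetical, and it takes no position on which layout the draft intends.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_NONE 0u /* auth_flavor value from RFC 5531 */
static const char STARTTLS[8] = {'S','T','A','R','T','T','L','S'};

/* XDR integers are 4 bytes, big-endian (RFC 4506). */
static size_t put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
    return 4;
}
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Reading A: the opaque body is the 8 ASCII bytes. Writes 16 bytes. */
size_t encode_verf_a(uint8_t *out) {
    size_t n = put_u32(out, AUTH_NONE);   /* flavor */
    n += put_u32(out + n, 8);             /* opaque body length */
    memcpy(out + n, STARTTLS, 8);
    return n + 8;
}

/* Reading B: the body holds an xdr_string() encoding. Writes 20 bytes. */
size_t encode_verf_b(uint8_t *out) {
    size_t n = put_u32(out, AUTH_NONE);   /* flavor */
    n += put_u32(out + n, 12);            /* opaque body length */
    n += put_u32(out + n, 8);             /* inner string length */
    memcpy(out + n, STARTTLS, 8);
    return n + 8;
}

/* Classify a received verifier: 'A', 'B', or 0 for anything else. */
int classify_verf(const uint8_t *in, size_t len) {
    if (len < 8 || get_u32(in) != AUTH_NONE) return 0;
    uint32_t blen = get_u32(in + 4);
    if (blen > 400 || blen != len - 8) return 0;  /* body<400>, exact fit */
    if (blen == 8 && memcmp(in + 8, STARTTLS, 8) == 0) return 'A';
    if (blen == 12 && get_u32(in + 8) == 8 &&
        memcmp(in + 12, STARTTLS, 8) == 0) return 'B';
    return 0;
}

int main(void) {
    uint8_t a[16], b[20];
    printf("A=%zu bytes, B=%zu bytes\n", encode_verf_a(a), encode_verf_b(b));
}
```

Both body lengths are multiples of four, so neither layout needs XDR padding; the only difference on the wire is the extra 4-byte inner length in layout B.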