Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-minorversion2-40: (with COMMENT)
Chuck Lever <chuck.lever@oracle.com> Sat, 23 January 2016 00:18 UTC
Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC7311B2D89; Fri, 22 Jan 2016 16:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eLwQJXlJiOxI; Fri, 22 Jan 2016 16:18:09 -0800 (PST)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0352F1B2D87; Fri, 22 Jan 2016 16:18:08 -0800 (PST)
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u0N0I5oa006600 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 23 Jan 2016 00:18:05 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by aserv0022.oracle.com (8.13.8/8.13.8) with ESMTP id u0N0I4el003334 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 23 Jan 2016 00:18:04 GMT
Received: from abhmp0009.oracle.com (abhmp0009.oracle.com [141.146.116.15]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u0N0I4Ir007183; Sat, 23 Jan 2016 00:18:04 GMT
Received: from dhcp-whq-5op-3rd-and-4th-floor-gen-off-10-211-47-54.usdhcp.oraclecorp.com (/10.211.47.54) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 22 Jan 2016 16:18:04 -0800
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <166532A7-FDCC-4021-8314-8CCD2DB36703@primarydata.com>
Date: Fri, 22 Jan 2016 16:18:08 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <D7687BC3-ED7B-4F86-9463-A12EF1C53054@oracle.com>
References: <20160121141530.8170.25186.idtracker@ietfa.amsl.com> <166532A7-FDCC-4021-8314-8CCD2DB36703@primarydata.com>
To: Tom Haynes <thomas.haynes@primarydata.com>
X-Mailer: Apple Mail (2.2104)
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/_SE2ts1-1UCFtkuBY98v_8-Gu2k>
Cc: The IESG <iesg@ietf.org>, draft-ietf-nfsv4-minorversion2@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-minorversion2-40: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jan 2016 00:18:10 -0000
> On Jan 22, 2016, at 4:13 PM, Tom Haynes <thomas.haynes@primarydata.com> wrote: > > Hi Stephen, > > Thanks for the comment, responses inline > >> On Jan 21, 2016, at 6:15 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> >> Stephen Farrell has entered the following ballot position for >> draft-ietf-nfsv4-minorversion2-40: No Objection >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-minorversion2/ >> >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> >> >> - 1.3.2: I'm just curious, feel free to ignore. Does anyone >> maintain those posix specs these days? (e.g. >> [posix_fadvise]). > > No clue :-) > > >> >> - 1.4: "a new arm" isn't clear to this reader, maybe >> consider re-phrasing if this isn't a common NFS term (if it >> is, that's fine) >> > > > No, not a NFS term. "Arm" is an XDR term defined in RFC 1832, section 3.15. > How about this: > > NFSv4.2, it is possible to add a new arm (i.e., a new entry in the > union and a corresponding new field in the structure) in a subsequent > minor version. And it is also possible to move such an operation > > > >> - 4.10: thanks for providing all that! >> >> - 4.10: possibly dumb question: does this (or NFSv4) support >> what a user would perceive as an encrypting file system >> where the keys are held-by/derived from something on the >> user's machine? If so, and if the two servers involved use >> keys known at the user's machine and not by the NFS >> infrastructure then I'm not sure how this can work. IOW, if >> there's a decryption and then a re-encryption required in a >> server-server copy and if that needs any keying material >> from the client then could that ever work? Note that I'm not >> talking about securing the file during the server-server >> copy but de-crypting before sending and then re-encrypting >> before storing. > > Petty sure that Kerberos provides for this. > > >> >> - 9.6: Is it considered a requirement that e.g. a user >> cleared to secret cannot tell if there is anything stored >> that is of higher classification? > > > In Section 9.2, it states: > > o MUST NOT expose an object to either the client or server name > space before its security information has been bound to it. > > And the definition of “bound” belongs to > the security implementation being defined. > > I.e., I mean seLinux, Trusted Solaris, etc. > > >> If so, did anyone go >> through all NFS interfaces to check if e.g. disk or >> directory usage information could give away the fact that >> there is stuff stored that's not visible to this user? > > > In a Limited Server, this is clearly not met. > > In a Full Mode implementation, a policy might exist that > allowed the server to let the client make such decisions. > >> I'm >> not arguing that this definitely needs to be done >> exhaustively, but maybe consider adding a caveat emptor >> sentence somewhere saying that even with MAC, it could be >> that NFS allows for some minor meta-data leakage such as the >> above. >> >> > > > > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 -- Chuck Lever
- [nfsv4] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Tom Haynes
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Chuck Lever
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Benjamin Kaduk
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Tom Haynes