Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-02.txt

bfields@fieldses.org Fri, 15 October 2021 19:16 UTC

Date: Fri, 15 Oct 2021 15:16:10 -0400
To: David Noveck <davenoveck@gmail.com>
Cc: NFSv4 <nfsv4@ietf.org>
Message-ID: <20211015191610.GA26275@fieldses.org>
References: <163413179762.4576.18048404104258349846@ietfa.amsl.com> <CADaq8jd=c5bE=seSnBubaWoT3xv+0K1K8XtX5xVU413O1AZMiQ@mail.gmail.com>
From: bfields@fieldses.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/aW96E-7RD7B2BEatCHdZ23q3UU8>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-02.txt

"Giving servers a general freedom to not support the masks defined in
this section, creates an unacceptable level of potential
interoperability problems."

Unfortunately, we seem to be stuck with it.

"POSIX" ACLs are the only ACLs that Linux supports, it's been that way
for 20 years, and given the failure of the (significant) effort Andreas
Gruenbacher made to implement NFSv4-like on Linux, I'm not optimistic
that's going to change.

I'm not particularly happy with the ACL language here either, I totally
sympathize with the desire to clean it up, but I'm not sure how.

I'm frankly in despair over the whole ACL situation and I think that the
only really useful solutions require more than tweaking the spec
language.

--b.