IETF Logo Mail Archive

Re: [nfsv4] testing of RPC over TLS

David Noveck <davenoveck@gmail.com> Fri, 27 November 2020 12:44 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3C83A0AC1 for <nfsv4@ietfa.amsl.com>; Fri, 27 Nov 2020 04:44:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WL2lzYmaS66h for <nfsv4@ietfa.amsl.com>; Fri, 27 Nov 2020 04:44:49 -0800 (PST)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89B0E3A0A71 for <nfsv4@ietf.org>; Fri, 27 Nov 2020 04:44:49 -0800 (PST)
Received: by mail-ej1-x635.google.com with SMTP id m19so1730897ejl.11 for <nfsv4@ietf.org>; Fri, 27 Nov 2020 04:44:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JLxtT8dJLHG85bnZL73ijY5Yjm2aOnPChPxP57Vcix8=; b=qFMBN2MV0p0gmbuA717i2xRRCfON1LVwCwM8a80Kz0uWavWtRCUlWiA/+Ed4iU6fKY wYkyz/pskCJG/vupPsprNF6y8YRDZMWJRo+M5j4TP27o4vH1NLcTaWkJOeee397miyv/ CGYpCehDQefL6YkHWfqS0BtOmctufps+2ywJ2fAgZPqCRfsJLmdisSpQysbY7lSGOJqf aHgZFesSyuC4qkBskqrep9rUFKtuandwnU3YvaUGTw7x5sNtw135eXbM8qK7Ir30nev1 GZSCEAPJ7Bg73TUsoNK7L4CgiwlmiI1IA/DrQ02eGaEk4jCELbUuP81mxFSNgnq5GFX7 uNUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JLxtT8dJLHG85bnZL73ijY5Yjm2aOnPChPxP57Vcix8=; b=IzOHniEPTXRNxlE7bN6nTnF8QQ3dewtZSFON0UTYuLgoPTabISpyTW6uytbmUO2BDJ zB9VhuKAZ0wKR8MLnU55BjgIKvEaetAow3BIqTq4P5b07CmgKQ5DdGnMnXS95F7XNwA7 WLB1nIA5l/qr0ByO0JNZ+IaiGN96KH74gcmxZb+vuqRqNqI86RjKpqfE45xSN2czusY1 QbLjnScjmzbDd/Yps2o7Lqco9CUQx+a+E8gITGFDt1gM4AWsQfA+Tq+RA9e18uH9BHAc d1V2kkRiRKW79HJc5EZodrevHsX7Ua0d8daZN8IfMqxdV5yiybRZJ/wgzIjOnKSVZAm+ Fwmw==
X-Gm-Message-State: AOAM531GBDIzumT/vwm5u/qI/9411czfdgKoDpSzeil0Lg0rLelmi9ql DqfXtMhzE4oVFBaa0aYnWLWJXLuLQg3EHvcPFg0=
X-Google-Smtp-Source: ABdhPJyPAmdJNqDmjsXqtZcNFfOW+mjauXF+4DA8gFy0VbAfAFb+Wj+XlYLB6v8MzQMmglDiU9LEjZQ3UWcX+gwcgm8=
X-Received: by 2002:a17:906:d8a8:: with SMTP id qc8mr7480602ejb.149.1606481087823; Fri, 27 Nov 2020 04:44:47 -0800 (PST)
MIME-Version: 1.0
References: <CAD2Ti2-8Kh+_XNBoPM6uCZXErohfkPdsGWauqviccMDURog6GA@mail.gmail.com> <20201127060959.GK34187@kduck.mit.edu> <CAD2Ti2_N+DytVL0ObEMms0vRd5fG5MRTqjDWQYEqgTq4g7ArKQ@mail.gmail.com>
In-Reply-To: <CAD2Ti2_N+DytVL0ObEMms0vRd5fG5MRTqjDWQYEqgTq4g7ArKQ@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Fri, 27 Nov 2020 07:44:36 -0500
Message-ID: <CADaq8jdKQKTb3AcRXX65QU6LeKO-Bi8QzKX=yqnV+RjQmGyicg@mail.gmail.com>
To: grarpamp <grarpamp@gmail.com>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009402db05b5160680"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/bGb-VuVxw55pdOEPFGA6mytoBYM>
Subject: Re: [nfsv4] testing of RPC over TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2020 12:44:52 -0000

There is no way we can make the sort of changes in the existing RFC
candidate that you propose, at this point.   The document has already
successfully been through WG last call, IETF last call and IESG
consideration and has a good chance of resulting in an RFC within 2021   If
we were to decide that we wanted to significantly change it, we would be
delaying publication for at least a year.   As a result, we would be living
even longer with the current approach to NFSv4 security including the use
of AUTH_SYS without any client host authentication whatever :-(. Sigh!

The benefits that you anticipate from your proposed changes would have to
be balanced against the negative consequences of a delay in rpc-tls as
currently defined.    That is not worth it.   The proper time to raise and
address these sorts of issues was during WGLC, which ran from 11/24/2019 to
12/23/2019.  In any case, the document approved by the working group did
not take the view that you do regarding these issues.

It is possible for the working group to change its mind and start work on a
revised RFC.   You can propose that to the working group.   Another
possibility is to address these issues in an nfsv4-specific context (rather
than in a general rpc context) as part of the anticipated RFC deriving from
an eventual draft-ietf-nfsv4-security.    I'd appreciate it if you
provided material regarding these (and other important) security issues
that would fit in draft-dnoveck-nfsv4-security-needs.   I think it would be
best if we incorporated all these before submitting
draft-ietf-nfsv4-security-needs.

On Fri, Nov 27, 2020 at 6:02 AM grarpamp <grarpamp@gmail.com> wrote:

> On 11/27/20, Benjamin Kaduk <kaduk@mit.edu> wrote:
> >> > https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
> >>
> >> How do users and administrators pin down the
> >> public key fingerprint of the NFS server's TLS certificate
> >> so that the hash is checked and thus a MITM
> >> attack is prevented?
>
>
> > only vocal proponent of this
>
> Often NFS users and admins...
> Are in and from nice private LAN environments, not public services.
> Aren't necessarily oriented to other nasty threat models.
> Come from legacy schools of thought that still incorrectly
> believe "CA" validation is all that's needed to neuter MITM.
>
> That's of course not universal, but "only" is relative,
> and in no way invalidates the considerations for pinning.
>
> If something speaks TLS, it needs to have pubkey
> pinning options.
>
>
>
> If RFC compliant implementations must do some
> certain things re TLS, then RFC can also say that...
> "5.2.3 Fingerprint pinning
> Implementations must offer options to configure
> pinning of the TLS certificate pubkey fingerprint hash".
>
> Some simple sentence like that is all that's needed.
> Then all the implementations, such as FreeBSD's,
> will have the option, users can read their manuals
> and use it as desired or not.
>
> If not put in the RFC, then some better implementions will
> have them, other lesser ones won't, the space for nfsv4
> interop will thus be fragmented, users who want to use
> pinning will be constrained to certain OS's, comparisons
> made, etc.
>
> FreeBSD has a good degree of security consciousness,
> so it would be great and not surprising for them to offer
> pubkey pinning for their users and admins from the start.
>
>
>
> Sections 4 and 5 already require lots of things re TLS... so there
> is no reason it cannot also require the *options* to configure
> pubkey and CA pinning... further info on those can be included
> in references and appendix (while indeed at same time progressing
> more formal material in IETF or elsewhere).
>
> 5.2.3 Fingerprint Pinning
> [opts required]
> 5.2.3.1 Pubkey Hash
> [defn refs]
> 5.2.3.2 Certificate Hash
> [defn refs]
>
>
> "
> 5.2. TLS Peer Authentication
>
>    TLS can perform peer authentication using any of the following
>    mechanisms.
>
> 5.2.1. X.509 Certificates Using PKIX Trust
>
>    RPC-over-
>    TLS implementations are REQUIRED to support the PKIX mechanism
>    described in [RFC5280].
> "
>
>
>
> > "PKI vs. Pinning" section of
> > https://datatracker.ietf.org/doc/minutes-108-saag/
>
> The above sentence also rightly avoids such TLS debates...
> - "scale"
> - "decisions about which rogue / forced / compromised CA's to 'trust'"
> - what "AV" "Google" companies think
> - namespaces, grand pie sky schemes
> - whether or not anyone thinks users need pinning or not
> - etc
>
>
> Pinning to the CA is not the sole and universal option for all users.
> For one, CA / Let's Encrypt sigs expire, such expiry is meaningless,
> the rotation causes excess "scale" maintenance under cert level pins,
> CA $igs often don't mean anything to real security contexts... and it
> has already been noted that any privkey compromise will result in the
> pubkey hash changing anyway, so CA is either moot or secondary
> to that pubkey fundamental. Pinning the pubkey "end entity cert"
> is the underlying simple method to avoid any concerning about CA.
>
>
> Users TLS environments, needs, models, validations...
> are different from debaters... instead stick to how
> to get the option into all implementations.
>
> But to not even mention pinning in RFC, to have removed it,
> not even having as 5.2.2's "optional option", or more fully
> detailed in Section 7 security considerations... seems potentially
> a bit irresponsible, particularly now that other TLS client-server
> applications are making some more mention and implement of it.
>
>
> https://tools.ietf.org/html/draft-ietf-nfsv4-rpc-tls
>
> "
>    In 2014 the IETF published a document entitled "Pervasive Monitoring
>    Is an Attack" [RFC7258], which recognized that unauthorized
>    observation of network traffic had become widespread and was a
>    subversive threat to all who make use of the Internet at large.  It
>    strongly recommended that newly defined Internet protocols should
>    make a genuine effort to mitigate monitoring attacks.
> "
> "
>    A classic form of attack on network protocols that initiate an
>    association in plain-text to discover support for TLS is a man-in-
>    the-middle
> "
>
>
> > watch the recording and read the associated email thread
>
> https://mailarchive.ietf.org/
>
> IETF has configured CloudFlare (which btw is in fact a MITM,
> for which too few have contemplated that problem) to block
> users of VPN and other overlay services who would otherwise
> be quite happy to watch or read such things at that URL.
>
> Didn't see a video link in the minutes link.
>
>
> Best regards.
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>

v2.23.0 | Report a Bug | By Email