IETF Logo Mail Archive

Re: [nfsv4] Potential erratta for RFC7931

Bruce Fields <bfields@fieldses.org> Tue, 04 October 2016 18:18 UTC

Return-Path: <bfields@fieldses.org>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5622129426 for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2016 11:18:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.898
X-Spam-Level:
X-Spam-Status: No, score=-4.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSNUSNWLhvlm for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2016 11:18:24 -0700 (PDT)
Received: from fieldses.org (fieldses.org [IPv6:2600:3c00::f03c:91ff:fe50:41d6]) by ietfa.amsl.com (Postfix) with ESMTP id 407B5129422 for <nfsv4@ietf.org>; Tue, 4 Oct 2016 11:18:24 -0700 (PDT)
Received: by fieldses.org (Postfix, from userid 2815) id AB629201C; Tue, 4 Oct 2016 14:18:22 -0400 (EDT)
Date: Tue, 04 Oct 2016 14:18:22 -0400
From: Bruce Fields <bfields@fieldses.org>
To: David Noveck <davenoveck@gmail.com>
Message-ID: <20161004181822.GB15057@fieldses.org>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org> <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/dDin_zYTmlIloaRKGmzgCcMoZhY>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 18:18:26 -0000

On Mon, Oct 03, 2016 at 07:21:18PM -0400, David Noveck wrote:
> > Nit: I believe your argument was that one repeat was sufficient. > If that's
> the case, let's say that.
> 
> Good point.  See the replacement paragraph below
> 
> > And the bottom of p. 24 also needs an update: "Note also that
> > the callback update procedure can be repeated multiple times
> > to reduce the probability of further spurious matches."
> 
> That's already within the replaced paragraph.

Gah, sorry.

> The new proposed replacement paragraph is as follows:
> 
> Although the NFSv4.0 specification requires the server to make sure that
> such verifiers are very unlikely to be regenerated, different servers may
> use the same approach to the construction of such verifiers, raising the
> probability that two distinct servers might inadvertently assign the same
> verifier value. The fact that the servers in question have assigned the
> same clientid4 may raise this probability.  In order to guard against the
> possibility that such assignments might cause two distinct
> 
> servers to be incorrectly considered the same, the SETCLIENTID procedure
> mentioned above needs to be repeated at least once.  Repeating the
> procedure once  is
> sufficient to ensure that the successive confirm values SCn, SCn'
>  generated by these repeated SETCLIENTID operations cannot all collide with
> a verifier previously received by the client when communicating with IPn.

Sounds good, I'd just delete "at least once" in the above.

I mean, it's technically accurate, but it leaves me wondering why you're
suggesting that I might want to do this more times.

--b.

> 
> 
> On Mon, Oct 3, 2016 at 11:11 AM, Bruce Fields <bfields@fieldses.org> wrote:
> 
> > On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote:
> > > Although the NFSv4.0 specification requires the server to make sure that
> > > such verifiers are very unlikely to be regenerated, different servers may
> > > use the same approach to the construction of such verifiers, raising the
> > > probability that two distinct servers might inadvertently assign the same
> > > verifier value. The fact that the servers in question have assigned the
> > > same clientid4 may raise this probability.  In order to guard against the
> > > possibility that such assignments might cause two distinct
> > >
> > > servers to be incorrectly considered the same, the SETCLIENTID procedure
> > > mentioned above needs to be repeated at least once.
> >
> > Nit: I believe your argument was that one repeat was sufficient.  If
> > that's the case, let's say that.
> >
> > And the bottom of p. 24 also needs an update: "Note also that the
> > callback update procedure can be repeated multiple times to reduce the
> > probability of further spurious matches."
> >
> > I'd update it to something like: "The callback update procedure must
> > then be repeated one more time".
> >
> > > This will ensure that
> > > the sucessive confirm values SCn, SCn'. SCn'' generated by these repeated
> > > SETCLIENTID operations cannot all collide with a verifier previously
> > > received by the client when communicating with IPn.
> > >
> > > Comments?
> >
> > I think that's correct, and it's a minimal change, and therefore maybe
> > it's the right thing for errata.
> >
> > It bugs me that the only client I've looked at does something different
> > and much simpler.
> >
> > After receiving the SETCLIENTID with a clientid matching an established
> > one, the modified RFC7931 requires, if I have it right:
> >
> >         1. SETCLIENTID_CONFIRM to the new server.
> >         2. SETCLIENTID to the old server.
> >         3. SETCLIENTID_CONFIRM to the new server.  And with this fix:
> >         4. SETCLIENTID to the old server.
> >         5. SETCLIENTID_CONFIRM to the new server.
> >
> > Whereas the Linux client needs only:
> >
> >         1. SETCLIENTID_CONFIRM to the old server.
> >
> > And that works just as well.  (The existing Linux client has the same
> > bug, but that is fixed with just a single if statement and no more
> > round trips.)
> >
> > So at some point I'd hope we can document this, as 1) it's actually
> > being used by a major client so people need to know about it, 2) it's
> > easier to implement and analyze.
> >
> > --b.
> >

v2.23.0 | Report a Bug | By Email