Re: [nfsv4] Potential erratta for RFC7931
Bruce Fields <bfields@fieldses.org> Tue, 04 October 2016 18:18 UTC
Return-Path: <bfields@fieldses.org>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5622129426 for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2016 11:18:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.898
X-Spam-Level:
X-Spam-Status: No, score=-4.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSNUSNWLhvlm for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2016 11:18:24 -0700 (PDT)
Received: from fieldses.org (fieldses.org [IPv6:2600:3c00::f03c:91ff:fe50:41d6]) by ietfa.amsl.com (Postfix) with ESMTP id 407B5129422 for <nfsv4@ietf.org>; Tue, 4 Oct 2016 11:18:24 -0700 (PDT)
Received: by fieldses.org (Postfix, from userid 2815) id AB629201C; Tue, 4 Oct 2016 14:18:22 -0400 (EDT)
Date: Tue, 04 Oct 2016 14:18:22 -0400
From: Bruce Fields <bfields@fieldses.org>
To: David Noveck <davenoveck@gmail.com>
Message-ID: <20161004181822.GB15057@fieldses.org>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org> <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/dDin_zYTmlIloaRKGmzgCcMoZhY>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 18:18:26 -0000
On Mon, Oct 03, 2016 at 07:21:18PM -0400, David Noveck wrote: > > Nit: I believe your argument was that one repeat was sufficient. > If that's > the case, let's say that. > > Good point. See the replacement paragraph below > > > And the bottom of p. 24 also needs an update: "Note also that > > the callback update procedure can be repeated multiple times > > to reduce the probability of further spurious matches." > > That's already within the replaced paragraph. Gah, sorry. > The new proposed replacement paragraph is as follows: > > Although the NFSv4.0 specification requires the server to make sure that > such verifiers are very unlikely to be regenerated, different servers may > use the same approach to the construction of such verifiers, raising the > probability that two distinct servers might inadvertently assign the same > verifier value. The fact that the servers in question have assigned the > same clientid4 may raise this probability. In order to guard against the > possibility that such assignments might cause two distinct > > servers to be incorrectly considered the same, the SETCLIENTID procedure > mentioned above needs to be repeated at least once. Repeating the > procedure once is > sufficient to ensure that the successive confirm values SCn, SCn' > generated by these repeated SETCLIENTID operations cannot all collide with > a verifier previously received by the client when communicating with IPn. Sounds good, I'd just delete "at least once" in the above. I mean, it's technically accurate, but it leaves me wondering why you're suggesting that I might want to do this more times. --b. > > > On Mon, Oct 3, 2016 at 11:11 AM, Bruce Fields <bfields@fieldses.org> wrote: > > > On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote: > > > Although the NFSv4.0 specification requires the server to make sure that > > > such verifiers are very unlikely to be regenerated, different servers may > > > use the same approach to the construction of such verifiers, raising the > > > probability that two distinct servers might inadvertently assign the same > > > verifier value. The fact that the servers in question have assigned the > > > same clientid4 may raise this probability. In order to guard against the > > > possibility that such assignments might cause two distinct > > > > > > servers to be incorrectly considered the same, the SETCLIENTID procedure > > > mentioned above needs to be repeated at least once. > > > > Nit: I believe your argument was that one repeat was sufficient. If > > that's the case, let's say that. > > > > And the bottom of p. 24 also needs an update: "Note also that the > > callback update procedure can be repeated multiple times to reduce the > > probability of further spurious matches." > > > > I'd update it to something like: "The callback update procedure must > > then be repeated one more time". > > > > > This will ensure that > > > the sucessive confirm values SCn, SCn'. SCn'' generated by these repeated > > > SETCLIENTID operations cannot all collide with a verifier previously > > > received by the client when communicating with IPn. > > > > > > Comments? > > > > I think that's correct, and it's a minimal change, and therefore maybe > > it's the right thing for errata. > > > > It bugs me that the only client I've looked at does something different > > and much simpler. > > > > After receiving the SETCLIENTID with a clientid matching an established > > one, the modified RFC7931 requires, if I have it right: > > > > 1. SETCLIENTID_CONFIRM to the new server. > > 2. SETCLIENTID to the old server. > > 3. SETCLIENTID_CONFIRM to the new server. And with this fix: > > 4. SETCLIENTID to the old server. > > 5. SETCLIENTID_CONFIRM to the new server. > > > > Whereas the Linux client needs only: > > > > 1. SETCLIENTID_CONFIRM to the old server. > > > > And that works just as well. (The existing Linux client has the same > > bug, but that is fixed with just a single if statement and no more > > round trips.) > > > > So at some point I'd hope we can document this, as 1) it's actually > > being used by a major client so people need to know about it, 2) it's > > easier to implement and analyze. > > > > --b. > >
- [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields