IETF Logo Mail Archive

Re: [nfsv4] Comments on minutes of wg meeting at IETF114

David Noveck <davenoveck@gmail.com> Tue, 13 September 2022 12:29 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F261C14F73A for <nfsv4@ietfa.amsl.com>; Tue, 13 Sep 2022 05:29:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id prigz6vJaRED for <nfsv4@ietfa.amsl.com>; Tue, 13 Sep 2022 05:29:48 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E2C4C14F72F for <nfsv4@ietf.org>; Tue, 13 Sep 2022 05:29:48 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id lz22so27154517ejb.3 for <nfsv4@ietf.org>; Tue, 13 Sep 2022 05:29:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=0OgizqAJ1R0ySEnmhy+D4Ega7Apn/lnUyMx6mfzRUyw=; b=ft100GcH84Ee+lJjwvsKHIQMvtUXPa2sNfXmEZpXBlN0qJoFATlSp8mDVxwGPgLfG5 Js496mWuhSOV7izzUAlKLF5rNPeJkd4KodoAx7Azxd8tENuTJTCuW4sTqSgXs9scRt8k 9DIRHAb6ZTTbDpXfTJaZUADZXiGwazb08M9gtils+Gvs37a4VsDduzLzXPu8vggbJSmI SE0UaMQ2m2ClezSorRrIOJS16qLA/4IDkFVoiP2eMxj1HNA0TtkTnO7M6zkdCFyZdcIX GxLWTX59w3rCRkoRt1E/ERO+CipqH6l/y1+AI2InmVKJw+7mf2FgqRUhaIjYOe/DTGo0 7nFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=0OgizqAJ1R0ySEnmhy+D4Ega7Apn/lnUyMx6mfzRUyw=; b=DSfsEfEyncPf+GhutSHCIU5LZB1bpKN2M5hZtlt3a9TLIZZvMqBlnav2ncWEjS9tvE nG6OYfxBrQEFJ4SyQmwFCF5mjrmat0AdJvHZUgBh4Ihql70LAiF4+/EaA/B/jgkKDVAF W9XzOznayuX5+SUtitACUSVI6KpbTZEVHgsKRB7tZSgQ5UTFaDxkZP2SnWcDdLXDPGJi 0WRnrOpxc5KB+/hpMB+6ckJexvdqmEJTXXPYhiixCM9CN816/FSgbFp7K4OIKdfYMMDR 1H0ySwZsdYWOAn9zmRiy/KSbVIh6QjWcZ8rEh/EcWlRHdBj7TNJAi393bFuXiv23oU1B rO+w==
X-Gm-Message-State: ACgBeo3D0RCxNolB78HzlJBaP+MOQXgZ9XECl0pxstvKj1t7DiPeZ+sX TUGrcHu/BGWPKyagcoPECPon1w5fpJbmfEjbEjjwt7kv
X-Google-Smtp-Source: AA6agR4DceLcIfvn5vULBZzc2b4WjhkoHKyh1FzaIAGyA9JD5PnzUIPPb5CyZ7Fn+z9J2S/apMYzcdUXcMe610/3q7w=
X-Received: by 2002:a17:907:8a09:b0:731:610:ff8d with SMTP id sc9-20020a1709078a0900b007310610ff8dmr21719453ejc.399.1663072186708; Tue, 13 Sep 2022 05:29:46 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jd4+FPhH0m5AuBgop_xJiYMjrRKva8mX0A-gioW_8b+5A@mail.gmail.com> <2CCC6B48-118F-48C3-A764-1380BAB72066@oracle.com>
In-Reply-To: <2CCC6B48-118F-48C3-A764-1380BAB72066@oracle.com>
From: David Noveck <davenoveck@gmail.com>
Date: Tue, 13 Sep 2022 08:29:35 -0400
Message-ID: <CADaq8jeoyLbC_cFd8FwSzuSGFZAi9r3UsTGAxx5KykW+-99Jmg@mail.gmail.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ecb86905e88e2a1f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/e8g890c36EyhT6TbhQPnwSULOCM>
Subject: Re: [nfsv4] Comments on minutes of wg meeting at IETF114
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2022 12:29:52 -0000

On Mon, Sep 12, 2022, 12:25 PM Chuck Lever III <chuck.lever@oracle.com>
wrote:


> The conclusion of this discussion was to let the RDMA and ULB documents
> expire and remove the charter milestone.
>

Regardless of that, we would have to ascertain consensus to do that.
Decisions at working group meetings always have to be confirmed on the wg
mailing list.

That should have been done a month ago, but we might as well have that
discussion now.


> A version 2 of RPC/RDMA is not in demand by any customer.
>

Fair enough.  It is a shame we have an RDMA approach so inferior to SMB.
Sigh!

>  I feel it’s time to let it rest,

If you don't want to push this to a conclusion, then we have to live with
what we have.

> Unless or until there are sufficient resources to attack the addition of
transport-layer security to MPA/RDMAP.

That sounds to me too much like "We'll do it when we get around to it."

Because of the importance of security, we cannot simply wait for such
resources to drop into our laps.,

>
> I fear these minutes do not capture the entire discussion.
>

That's not surprising.

Is there a video recording of the session available?
>

I don't know.  Brian?  Zahed?

>
>
> Chuck has informed me that a wg decision was made to abandon this document
> but that does nĺ⁰ot appear in the minutes.
>
>
I'm perplexed by this and expect to remain so even if a 3-D 4K-resolution
video were discovered.

Given that this was an individual draft, the decision was not a wg decision
and does not have to be confirmed on the list.

Instead, it is Chuck's decision to make but I'd like to understand why he
made it.

Let me give people some background.  Chuck objected to the treatment of
SECINFO in some earlier security-0x draft.  He thought it was to
complicated so we agreed that he would publish his approach, as he did in
rpc- tls-pseudoflavors and I  would refer to that in the next security
draft.

Now it appears that Chuck has changed his mind and I'd appreciate knowing
why <http://why.ch>.

In any case, I need either this document or some replacement to proceed
> with security-05
>
>
I suppose I could get by, pulling some material from Chuck's document into
security-05.  However,  I don't think  that's the right way to do that and
I feel that our original agreement (Chuck's and mine) was right.

>
> Rick says he plans to implement a simple rejection of RPCs when a server’s
> security policy does not permit AUTH_SYS without TLS, using existing RPC or
> upper layer status code. The client can decide to retry with TLS (why was
> it not defaulting to TLS in the first place?) or let such requests fail.
>

That seems like a sensible implementation to me.  However, it is not
complete and does not address the fundamental problem, that rpc-with-tls
makes SECINFO, as defined in RFCs 7530 and 8881 essentially useless.  It
was built when Auth flavors alone defined security capabilities and that is
no longer the case 😀.

>
> I’d like Rick to write a brief description of his idea.
>

I think I  am getting the implementation idea.  We have to reach a
consensus on the future of SECINFO.  I hope nobody objects to augmenting it
with pseudoflavors because I object strongly to leaving it almost useless
and explaining that in rfc5661bis.

>
>
> > Zahed questions whether we had an adoption call for the BIS document?
>
> I guess not.   The issue is complicated by current plans for document
> split-up.
>
>
> We haven’t had any deep public discussion of the scope of each the
> replacement documents.
>

True.  I proposed a possible split to address Zahed's concerns about the
size of RFCs 5661 and 8881.

Given how labor-intensive it is to split up
the bis given inter-document references,
I think it is time to reconsider this.

This is really up to Zahed but I'd like to hear opinions from the rest of
the working group.

They have grown to encompass quite a bit more than what was in RFC 5661
>

Could you be more specific?

. I would feel more comfortable if the WG could agree on a limited scope
> for each of these to prevent scope creep from making them impossible to
> complete.
>

Let's leave aside the splits not yet done.  The scope of rfc5661bis is
limited to rfc8881 plus rfc8434.


> The idea that we are addressing every errata against RFC 5661 with the bis
> effort is new to me.
>

That's surprising to me.  I think that if you are doing a bis and leave
errata unaddressed, you are not doing your job:

   - For accepted editorial errata reports, it would be insane not to
   incorporate the correct version and stick with the erroneous text.
   - For held-over errata reports, the bis is the only opportunity to fix a
   reported (and acknowledged) error.
   - For rejected errata reports, if there is a wg consensus for change
   they have to be fixed in the bis.


IIRC, there was a lot of discussion on the list in which I reassured Trond
that his errata reports, even though formally rejected, would be addressed
in the bis.


>  I know we had some vague plans to address some of them,

I had vague plans to address all of them and work on those plans is
ongoing. I need to focus on doing the rest without detailed plans.

> and I had proposed keeping track of these with the github issue tracker.
However, github has not been adopted for any of these documents,

Maybe we can do that after these are adopted as working group documents. I
will need your help.

> so at this time there is no real tracking of these outstanding issues.

My 5661bis drafts list the errata that have been addressed.  In the next
draft, I will also list the ones that have yet to be addressed.


> There are, of course, errata against other RFCs that this WG is
> responsible for. My impression of the discussion during the session was
> that all of these errata were a problem, not just the errata against RFC
> 5661.
>

What sort of problem?  Are there errata for other documents that are big
enough that a bis is required? If not, we may just have to muddle through.


>
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4 hi
>

v2.23.0 | Report a Bug | By Email