Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 25 May 2017 13:20 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BE2E1294D8; Thu, 25 May 2017 06:20:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3QC8G0D-aTJ0; Thu, 25 May 2017 06:20:00 -0700 (PDT)
Received: from mail-yb0-x236.google.com (mail-yb0-x236.google.com [IPv6:2607:f8b0:4002:c09::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F9DD1270A7; Thu, 25 May 2017 06:20:00 -0700 (PDT)
Received: by mail-yb0-x236.google.com with SMTP id 130so34272666ybl.3; Thu, 25 May 2017 06:20:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=rAaI7j7JVJhoRmRaXlt6kuYyXDZbco/3lH7c9Gej6EM=; b=UoMlsdlbueQt2zpm4xbFINjoDE1OfjwDGQrVzucPgA0ZOlqBcyMqttZNtmb6y1ccb2 E1TtRjTcuUjv7YYmE+4tqPyrvI/FpyXwHmagHC2qZRUcgRUI5DtgOEbB4qD7gNOflw+j RiHf4gvMpFCzLBrc6DTBTnAMRzc0gbx54ZAXfboG8i+xUWh2jzt+9ctUJpBJcgVXO+/F 75LAIzfESqp+i4LPv2EstAff7J/UnCqLjn6vutdRE2zclgN1DCutZ3FM6GNLwy3TbEAc i+MU4ILAP+9AW98BAWwmmHVjC8JL8O7T6Uz2U+uTc0v1y3DYThCZyKUjS3vunZOk8u0Z /DfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=rAaI7j7JVJhoRmRaXlt6kuYyXDZbco/3lH7c9Gej6EM=; b=SveKBGHXQatimhGbxo+PfvDdgy5GgEX+N/APl0Jtm63nw3rQtxwG+28IRXTzL008yl 5TFrJg6PyKq58zlLwykS8AXpfiGlteSzJkED7GRccV7CFEzZ3DgZsfYnpRYBtlj1hmNL jsZxZwTQQqPm0JER+FBdNfIsEg5Xq5UoGbzRzgBalY2cVU/oRQ6NYiZEb8n3Qwbytz3M CGIF3cHNgX56YnSec7ZriA140Y73UKpxV7PluQdK7gaylusDld42XY3yUEtrgyd8WGok IJPx3o+41WOcnawXD25TuLDFhmv2sXS4HfvNgqj41OIcd093N9CXqBJJY3Zwx2PlUFEl EnZg==
X-Gm-Message-State: AODbwcDpIhGMD7ZPDjqOcWCWbxSSCciW/kyPs6QaiL1x+O+sfr57GA8f OeDGMCK5zeoOeIvAUAMwoVdNx0kg8w==
X-Received: by 10.37.113.84 with SMTP id m81mr959520ybc.70.1495718399831; Thu, 25 May 2017 06:19:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.163.130 with HTTP; Thu, 25 May 2017 06:19:59 -0700 (PDT)
In-Reply-To: <149559305147.28562.14990485255783585477.idtracker@ietfa.amsl.com>
References: <149559305147.28562.14990485255783585477.idtracker@ietfa.amsl.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Thu, 25 May 2017 08:19:59 -0500
Message-ID: <CAKKJt-cHEoBeP++YP-=FWmVTWkoLWLa5OZ=sDYT7kEBrDvvOiw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, nfsv4-chairs@ietf.org, Spencer Shepler <spencer.shepler@gmail.com>, NFSv4 <nfsv4@ietf.org>, draft-ietf-nfsv4-xattrs@ietf.org
Content-Type: multipart/alternative; boundary="001a1148a34ce80e72055059130e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/fYVtY1a65ldZF2kHHJjmxQ2QcoY>
Subject: Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2017 13:20:03 -0000
Hi, Eric, On Tue, May 23, 2017 at 9:30 PM, Eric Rescorla <ekr@rtfm.com> wrote: > Eric Rescorla has entered the following ballot position for > draft-ietf-nfsv4-xattrs-05: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-xattrs/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Since xattrs are application data, security issues are exactly > the > same as those relating to the storing of file data and named > attributes. These are all various sorts of application data and > the fact that the means of reference is slightly different in > each > case should not be considered security-relevant. As such, the > additions to the NFS protocol for supporting extended attributes > do not alter the security considerations of the NFSv4.2 protocol > [RFC7862]. > > This seems inadequate. The issue is that if machine A writes some > extended attribute which is security relevant (i.e., this file is > only readable under certain conditions) and then machine B doesn't > know about the attribute, then you have a security problem on B > because it will not enforce it. It seems like FreeBSD uses extended > attributes for this purpose, so this isn't just theoretical. I haven't seen a response from the authors on this Discuss, so, at the risk of talking out of my hat, I THINK the answer is going to be that - either machine B keeps enforcing the incredibly lame access rights it's already enforcing (all users are part of the "nfs" group, so share the same access rights anyway, or whatever), or - machine B isn't enforcing anything now, so wouldn't be enforcing anything anyway. So, at a minimum, this extension would Do No Harm during periods of partial deployment. My advice is to wait for a response from a smarter Spencer (S), or another person who knows more about NFSv4 than I do, who will either confirm what I'm saying or tell you what I should have said instead, but if it's worth having a speculative discussion on the call today, I'm always up for that, of course. Spencer
- [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfs… Eric Rescorla
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Spencer Dawkins at IETF
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Eric Rescorla
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Spencer Dawkins at IETF
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Spencer Dawkins at IETF
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Marc Eshel
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… J. Bruce Fields
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… David Noveck
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Eric Rescorla
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… David Noveck
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Christoph Hellwig
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Nico Williams
- Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf… Manoj Naik