IETF Logo Mail Archive

Re: [nfsv4] AD review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data

Chuck Lever <chuck.lever@oracle.com> Wed, 06 November 2019 22:00 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3A3A120100; Wed, 6 Nov 2019 14:00:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jM74DyRS5ovB; Wed, 6 Nov 2019 14:00:45 -0800 (PST)
Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7C39812002F; Wed, 6 Nov 2019 14:00:45 -0800 (PST)
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id xA6Ln3Aj191170; Wed, 6 Nov 2019 22:00:40 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2019-08-05; bh=J3oKt2W/i6u3iOTkhQzRv6oVO8KRevB1DdQrcf1gt9k=; b=lHz/P1bZRfokV2NpaOwOsY2PSu7i2JBJKFLs/UNzAL/FlG3+XY8L0mW7pn8Y2OaiQiqt vfleh90R9ei0gLYocMWMDnvT3fgHkFwJECoo119zqm/2r+JokZWauP4lIRcojMEkGgGj gAZt7SWsPEjctUsDBzDa9RZezm6S40lp+Jl7siXX2MqS6Y1v1eRj2iOFkzWaI0H0gzph JdCgr7pM19YV4TnMq5ofsunQdyHqwW4vEn1X9Dsez+nUNVLOTTS6U+UfKoC7Ij/BnylD ZsYZRwxrx2rCNZTV4ja0lAld0hIopxZKZ/J2oR9cN/UVThFV2T/q6QnX3jdl5IoqbZPA Cw==
Received: from aserp3020.oracle.com (aserp3020.oracle.com [141.146.126.70]) by userp2120.oracle.com with ESMTP id 2w41w0t08v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 06 Nov 2019 22:00:40 +0000
Received: from pps.filterd (aserp3020.oracle.com [127.0.0.1]) by aserp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id xA6Ln8FP018347; Wed, 6 Nov 2019 22:00:39 GMT
Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by aserp3020.oracle.com with ESMTP id 2w41wep109-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 06 Nov 2019 22:00:39 +0000
Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id xA6M0b6N008055; Wed, 6 Nov 2019 22:00:37 GMT
Received: from anon-dhcp-152.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 06 Nov 2019 14:00:37 -0800
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Chuck Lever <chuck.lever@oracle.com>
In-Reply-To: <5e2d5ca8986a23ed98543371ffca9462b064c892.camel@ericsson.com>
Date: Wed, 06 Nov 2019 17:00:36 -0500
Cc: "draft-ietf-nfsv4-rpcrdma-cm-pvt-data@ietf.org" <draft-ietf-nfsv4-rpcrdma-cm-pvt-data@ietf.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <09BF5B7E-20E1-461C-9D18-5F45A37F25E4@oracle.com>
References: <HE1PR0701MB2697052833EB5B100338912F957F0@HE1PR0701MB2697.eurprd07.prod.outlook.com> <262BD619-26E1-4C09-BE0C-537D05109DD1@oracle.com> <5e2d5ca8986a23ed98543371ffca9462b064c892.camel@ericsson.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9433 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911060211
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9433 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1910280000 definitions=main-1911060211
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/flkIc4ZNpmBFICKiLjcPfAeG46Y>
Subject: Re: [nfsv4] AD review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 22:00:48 -0000

Hi Magnus-

> On Nov 5, 2019, at 4:46 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
> 
> On Mon, 2019-11-04 at 11:36 -0500, Chuck Lever wrote:
>> Hi Magnus, thanks for your review and moving forward with the AD write-up.
>> 
>>> On Nov 4, 2019, at 9:56 AM, Magnus Westerlund <
>>> magnus.westerlund=40ericsson.com@dmarc.ietf.org> wrote:
>>> 
>>> Hi,
>>> 
>>> I have started my AD review. It was such a short document that I thought I
>>> read through it to figure out what more I need to read. So I have not yet
>>> read like RFC 8166. So from a context of having little context understanding
>>> the below are my comments and questions. I think it may be faster if you
>>> help answering them then I read a lot of documents and still have question
>>> marks. 
>>> 
>>> 
>>> 	1. So this private data field is only existing in Infinite Band
>>> Connection manger? So what this document is defining a structure to a field
>>> which currently don’t have any structure but are part of a protocol defined
>>> by another body? 
>>> 		a. Have this work been formally agreed with IBTA? 
>>> 		b. Or is the relationship to the connection manager used to
>>> establish the RPC over RDMA different, if that is the case it needs to be
>>> better explained. 
>> 
>> The private data field is for use by Upper Layer Protocols. It's existence
>> is defined by the IBTA, but not its content. It's opaque to the CM, hence
>> the name "private".
>> 
>> Both iSER and iWARP itself (both IETF-defined) can place data in this field.
>> That's why there
>> is a 32-bit format ID field: if that doesn't match the constant defined in
>> this document, that means some other ULP is using the private data field,
>> and its contents are then ignored by RPC-over-RDMA.
> 
> So with new text as proposed in other email to clarify that this extensions
> apply to several different protocols will help making it clear that this is
> useful for IETF to define and not stepping on anyone's particular toes. 
> 
>> 
>> 
>>> 	3. Section 5: Is there only going to be one object of private data
>>> forever in the relevant communication? If not, why isn’t this a well-
>>> specified TLV so that unknow type entries can be skipped to the nest object?
>> 
>> As I understand it, the private data field is used by one ULP at a time.
>> I'm not aware of a TLV. There are already existing ULP implementations
>> that do not assume a TLV, so that might be a tough sell.
>> 
> 
> That helps a bit, but basically what we end up with is that the ULP need to
> cordinate between the end-point about which private data format(s) it will use.
> And if is to include multiple formats it need to know that the peer can delimit
> all of them. That is what I see as the issue. Maybe this assumption and
> responsibility of the ULP can be made clearer in the document. 
> 
>> 
>>> 	4. Even if there ever is going to be one entry, can you be more formal
>>> in description of what is a valid message using another format identifier,
>>> is that only the 32-bit field of the format Identifier, or also the version.
>> 
>> I can cite the use of this field by other protocols, if that would help.
> 
> As I said yes. 
>> 
>> 
>>> 	5. Isn’t the version field just unnecessary? If one needs version using
>>> another format identifier is more easy than the identifier + version
>>> construct.
>> 
>> It's possibly superfluous. But:
>> 
>> - the two fields serve different purposes, even though they could be combined.
>> - there's already an implementation that uses both fields.
> 
> So, I understand that your down the road on this one and you don't need to
> implement any change. But, it was a reflection I had after commenting on issue
> 4). 
> 
>> 
>> 
>>> 	6. Section 6: The IANA consideration is confusing. If the specification
>>> for a CM private data format requires IESG approval, then why have the
>>> expert review policy. In that case one can simply use the IESG approval
>>> policy instead. However, requiring any type of IESG approval here appear to
>>> be a way to high bar. I think expert review is likely appropriate, but the
>>> guidance to the Experts needs to be clearer. For example what happens if
>>> IBTA want to use this to add some format?
>> 
>> I would be OK with Expert Review only, but:
>> 
>> 1. I will need suggestions about expert guidance. Will look at other RFCs.
> 
> Basically the WG can specify what requirements you consider needed for a
> registration request. Publicly availble specification, contact information, what
> criterias the expert should make judgment on. Like if there are sensitive
> information or not. Etc. 
> 
>> 2. IMO WG consensus is needed on the replacement text of this section.
> 
> Sure, and if the WG want to choice IESG approval or Specification Required as
> policy for the registry that is also fine with me. However, I am currently not
> fine with the strange mix that is currently documented. 
> 
>> 
>> 
>>> 	7. Section 7: The security consideration. I am missing any discussion
>>> about the security requirements that the actual extension. It appears that
>>> integrity and source authenticity are required for safe operation of these
>>> two extensions.
>> 
>> Integrity is a property of RDMA Reliable Connection transports.
>> 
>> Not clear about the source authenticity requirement. Can you elaborate?
> 
> What I am trying to say, is that security consideration sections should make a
> security requirement analysis. And what I can see this private data when
> delivered to receiver, the receiver need to know that the data was not modified
> and it needs to know from whom it came. Thus integrity and source
> authentication. Then you can simply add a statement that the protocol you know
> to carry this field will provide that security service. 
> 
> The other aspect to consider is really if one can get any impact on the peer by
> being malicous in setting these fields. For example can I get the peer entity to
> consume more resources? To my understanding the answer is partially yes, but not
> without having to similarily promise to allocate resources. And if I don't do
> things will fail. And the point is that there is other methods that will be more
> efficient to do Denile of Service attacks on the peer in the protocol. 
> 
> It is usually good to document what aspects of attacks that has been considered
> and what level of an issue they are on.

The latest:

https://chucklever.github.io/i-d-rpcrdma-cm-pvt-data/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.html

And a convenience URL for diffing with -04:

https://tools.ietf.org/rfcdiff?url1=https://tools.ietf.org/id/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.txt&url2=https://chucklever.github.io/i-d-rpcrdma-cm-pvt-data/draft-ietf-nfsv4-rpcrdma-cm-pvt-data.txt


I've tried to address the following issues that you called out after your
attempt at an AD write-up of -04:

- Now a Proposed Standard updating RFC 8166
- Replaced the stale link to the IB specification
- Additional text explaining precedents and the purpose of the Format Identifier
- Revised the IANA Considerations section to remove "specification required" language
- Revised the Security Considerations section

I can take this further if you would like more changes before the next steps.
Otherwise I can provide a draft-ietf-nfsv4-rpcrdma-cm-pvt-data-05.xml for you
to submit manually.


--
Chuck Lever

v2.23.0 | Report a Bug | By Email