IETF Logo Mail Archive

Re: [nfsv4] [EXTERNAL] Re: Review of draft-ietf-nfsv4-rpc-tls04

Tom Talpey <ttalpey@microsoft.com> Fri, 06 December 2019 19:24 UTC

Return-Path: <ttalpey@microsoft.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3E4D1200CD for <nfsv4@ietfa.amsl.com>; Fri, 6 Dec 2019 11:24:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wyk5wEW7FcxM for <nfsv4@ietfa.amsl.com>; Fri, 6 Dec 2019 11:24:55 -0800 (PST)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2096.outbound.protection.outlook.com [40.107.92.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D11812006D for <nfsv4@ietf.org>; Fri, 6 Dec 2019 11:24:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Fo4QfYiQjnQ4JDI6edZ4cvrnX6WgDxL4B0ogg8vZsrnPd09q5XkQnjnBIHHO1zroa9O5Lx/xKiP9SfKP161HcMhidwCK0DoHTg5jnr7IR3/u+BheBAwVm82dxQxaAK0TZJXY+q/HO4N+NMTT2NT+mZIfs0IEaOdHQRFQPHXeZncbZdR70aMpJAUenxu9MVkYQj9qPoHuNCusFOjzuXUqFHjFlyUzmnRN0eD7wZOwWWapnxKIAb3wffloPeEQi1EwFz9sAROuwqbA1BtmdLaAngHMrTzqF33H1H8e+3f80N3Tt2CT2qelTJwd5sta9MNbnBE5w8eY+hmI4yscoq/paQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ta8jSvjK9I2Nw2S+ommTKoX077MlqKgBOpx8RrotvbQ=; b=jSdzu4wqujmGsH0kXZ7+AIWl+7ohM9vgJA/3WD62uiZzD+zv/gLw7qlvCSAROEax5ry0HINNZgloGGxKhWTHt+WhAOT5BWDwshp2zSyTWwoYfL/7j1Ea9gnIWrjT+F3tmHkISkGPq6MfIDU+BYlJ0LYZTSBk2UteqowtT/lxe+y2zqtuuwM2wAQmqTxUW7phIKxhfB8MFPTOx7SMMuc4ffDOhhPgNs6lMsboLe5BKC7YajYH3i3Olx7tiOx2GvnBDpFv81Y+oyi4BxyLRdbyO+Xjyl4CKZQ3VupmPCzxCvKSNDgaFuFv1ugO5uhgoZYghF1TUSRj8Gu235RWkC0i7w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ta8jSvjK9I2Nw2S+ommTKoX077MlqKgBOpx8RrotvbQ=; b=h3SRGlTt/XC+NYqxt+ukoIXvSZDw+/EwFxiybZcY0P8NJTpe6oVQpidTUNmzGs+NLJjy49ay8BQZN0OsOQ33OrkDLmWlENJLrOfJQ7REyq5H83//s6Eew6+AmlMGBShSVdAH6YznkMI22Lx7iceIJ8wieKFjVe+H+IsxV5bP/IM=
Received: from MN2PR21MB1439.namprd21.prod.outlook.com (20.180.26.143) by BYASPR01MB0069.namprd21.prod.outlook.com (20.179.60.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.2; Fri, 6 Dec 2019 19:24:53 +0000
Received: from MN2PR21MB1439.namprd21.prod.outlook.com ([fe80::6c23:c364:903f:4423]) by MN2PR21MB1439.namprd21.prod.outlook.com ([fe80::6c23:c364:903f:4423%9]) with mapi id 15.20.2538.010; Fri, 6 Dec 2019 19:24:53 +0000
From: Tom Talpey <ttalpey@microsoft.com>
To: Chuck Lever <chuck.lever@oracle.com>, David Noveck <davenoveck@gmail.com>, "Black, David" <David.Black@dell.com>
CC: NFSv4 <nfsv4@ietf.org>
Thread-Topic: [nfsv4] [EXTERNAL] Re: Review of draft-ietf-nfsv4-rpc-tls04
Thread-Index: AQHVrGkMT7fMVSdgW0qdV/wq5ZWTbqete6rg
Date: Fri, 06 Dec 2019 19:24:53 +0000
Message-ID: <MN2PR21MB143950BE6F7130739D1280CAA05F0@MN2PR21MB1439.namprd21.prod.outlook.com>
References: <CADaq8jdbQJFKS7xoeP+wLMhT0e8gSQQeqHDsV7PHNbT_YC+hSQ@mail.gmail.com> <11820D8F-A192-46EE-AD32-8561BCBE31A2@oracle.com> <MN2PR21MB143931B6F1DC40FF6A765AAEA05F0@MN2PR21MB1439.namprd21.prod.outlook.com> <CADaq8jf5Dh8bMmA2fcDKBknTbz-Oah1dZH=KRawjSRtOa6zh5w@mail.gmail.com> <63ADA2AC-815D-4899-B863-4FD321A968ED@oracle.com>
In-Reply-To: <63ADA2AC-815D-4899-B863-4FD321A968ED@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=ttalpey@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-12-06T19:24:52.0775028Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=b9d7f95c-900d-44cc-8cea-a67ab826b4ba; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic
authentication-results: spf=none (sender IP is ) smtp.mailfrom=ttalpey@microsoft.com;
x-originating-ip: [2601:18f:900:895::100a]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: be667750-fe02-4126-0264-08d77a81f89e
x-ms-traffictypediagnostic: BYASPR01MB0069:
x-microsoft-antispam-prvs: <BYASPR01MB0069642F6877433F1380CCB3A05F0@BYASPR01MB0069.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0243E5FD68
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(376002)(366004)(136003)(346002)(199004)(189003)(13464003)(86362001)(4326008)(2906002)(10090500001)(8936002)(8676002)(76176011)(33656002)(8990500004)(81166006)(478600001)(229853002)(110136005)(5660300002)(316002)(10290500003)(81156014)(55016002)(9686003)(99286004)(52536014)(66946007)(71200400001)(7696005)(76116006)(66446008)(66476007)(66556008)(64756008)(71190400001)(6506007)(186003)(53546011)(102836004)(305945005)(74316002); DIR:OUT; SFP:1102; SCL:1; SRVR:BYASPR01MB0069; H:MN2PR21MB1439.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 0idLoQ7iK8H3w850IyuPelqifXZu18pbNY1c7Ize7LsDe6KLqn9IV8FdP1nkNQZlk+QRzYweR6ay31FKUZ2HVYleekd5rJnZTw0z31rluTPGnIty32tIuk7o7ZPMDdbaxlTVBW5SSoGbuhps7m+eYeuTNZhxRH4WbhVrjVbUPMJK7kwZql6vSK0pjM7kQ8ChNr295yeldCfguZA/3wF96w6SD7mQc0j0SOFXKTL6V4uL6ODUrPapOqnWvBWESbdkYqahqMdejTwx0gUUW/V1+CDg6J629dShnT7Luuvmxf0Mm1eFihskI2f67h72iiqE0Q61DekVytf9OusDJ3pib1UdMssncJf2isfLVSXbRbeo2AVyv8p906AH9vy8pc/HITLM713wnOnkWX5nPfjH1WdIAGkHsS5m0exOaG3aH1/CXMRZ0FNNv9zwcF2J1IuqKN05vhiDWoSpEoS+Nh1qlEh739j8geAEDrwPidAfEbTsqTQCmdoM4ZCH0LTA1695
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: be667750-fe02-4126-0264-08d77a81f89e
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Dec 2019 19:24:53.5932 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EUIZyWVvNZwN2VznmbB+CbQYQvJTGbT81OL8C1SWzDhm1t4wNN3EE/iDWvHNz2XyiNrxXdFwwuB/SVqTympq3w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYASPR01MB0069
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/gRaNYFQ-sGnu6aVnh5YYlCx-3sg>
Subject: Re: [nfsv4] [EXTERNAL] Re: Review of draft-ietf-nfsv4-rpc-tls04
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2019 19:24:58 -0000

> -----Original Message-----
> From: Chuck Lever <chuck.lever@oracle.com>
> Sent: Friday, December 6, 2019 2:12 PM
> To: David Noveck <davenoveck@gmail.com>; Black, David
> <David.Black@dell.com>
> Cc: Tom Talpey <ttalpey@microsoft.com>; NFSv4 <nfsv4@ietf.org>
> Subject: Re: [nfsv4] [EXTERNAL] Re: Review of draft-ietf-nfsv4-rpc-tls04
> 
> 
> 
> > On Dec 6, 2019, at 11:53 AM, David Noveck <davenoveck@gmail.com>
> wrote:
> >
> > On Fri, Dec 6, 2019 at 10:28 AM Tom Talpey <ttalpey@microsoft.com>
> wrote:
> > > -----Original Message-----
> > > From: nfsv4 <nfsv4-bounces@ietf.org> On Behalf Of Chuck Lever
> > > Sent: Friday, December 6, 2019 10:11 AM
> > > To: David Noveck <davenoveck@gmail.com>
> > > Cc: NFSv4 <nfsv4@ietf.org>
> > > Subject: [EXTERNAL] Re: [nfsv4] Review of draft-ietf-nfsv4-rpc-tls04
> 
> >> Essentially, we want to require that the host separates
> >> the encryption of each tenant's traffic.
> >
> > I think the move from "user identiy domain" to "tenant" is helpful here even
> > though you would have to explain what multipe tenants, which, as Tom
> > points out, can alsooccur without virtalization per se, bein involved.
> 
> 
> Fair 'nuf. To me "tenant" and "user identity domain" mean the same thing
> in this context. In Linux, a tenant container is represented by a set of
> namespaces, one of which controls the user identity mapping. So "user
> identity domain" seems natural to me, but maybe not to others.
> 
> RFC 4949 does not have a convenient definition of "tenant."
> 
> RFC 7644 Section 6 comes close.
> 
> David Black, perhaps you might have thoughts based on your work on
> network virtualization overlays ( RFCs 736[45] )?

I'm arguing the opposite - that there's no need to bring in "tenant" or
"virtualization" or adding references to nvo, etc. Unless you have a very
specific vulnerability in mind that this needs to cover.

In other words, keep it simple and at the highest-level abstraction possible.

Tom.

> >> I don't think this is limited to a virtualization environment, or the behavior
> >> of the host partition/process. It's more generally a matter of key
> management,
> >> isn't it?
> >
> > That seems right to me.
> >
> >
> >> The more general statement in that case might be that the key(s) used to
> >> protect the TLS connections MUST be managed in such a way that do not
> >> impact the privacy or integrity of one another. For example, if Coke and
> Pepsi
> >> were both guests of a single host, the keys used for their RPC/TLS mounts
> >> MUST NOT allow Coke to attack Pepsi.
> >
> > Good requirement but I think it needs to be stated in terms of what the
> > implementation is to do, rather than what it needs to prevent.
> 
> I agree that this has become implementation guidance. But I'm still not
> clear on exactly how to state this recommendation/requirement.
> 
> For one thing, the use of compliance keywords might no longer be appropriate.
> 
> 
> --
> Chuck Lever
> 
>

v2.23.0 | Report a Bug | By Email