[nfsv4] Martin Duke's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)

Martin Duke via Datatracker <noreply@ietf.org> Thu, 25 June 2020 20:56 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: nfsv4@ietf.org
Delivered-To: nfsv4@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F14B3A100A; Thu, 25 Jun 2020 13:56:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Martin Duke via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-nfsv4-rpc-tls@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, David Noveck <davenoveck@gmail.com>, davenoveck@gmail.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.4.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Martin Duke <martin.h.duke@gmail.com>
Message-ID: <159311856977.23665.6882641799899154823@ietfa.amsl.com>
Date: Thu, 25 Jun 2020 13:56:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/gynnxT4lXOdZOqA89MF0HVwExWg>
Subject: [nfsv4] Martin Duke's Discuss on draft-ietf-nfsv4-rpc-tls-08: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jun 2020 20:56:11 -0000

Martin Duke has entered the following ballot position for
draft-ietf-nfsv4-rpc-tls-08: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rpc-tls/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This presumably a trivial fix but I think it's important enough to be a DISCUSS:

I think the document needs some discussion of the security properties of TLS1.3
early data over TCP, if only to refer to Section 8 of RFC 8446 (replay) and
mention that it is not forward-secure, unlike the rest of the payload.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for this draft. I fully support bringing TLS into more use cases of
this type.

Some comments:
Sec 1.
"Moreover, the use of AUTH_SYS remains common despite the adverse effects that
acceptance of UIDs and GIDs from unauthenticated clients brings with it.
Continued use is in part because:

Per-client deployment and administrative costs are not scalable. Administrators
must provide keying material for each RPC client, including transient clients.
Host identity management and user identity management must be enforced in the
same security realm. In certain environments, different authorities might be
responsible for provisioning client systems versus provisioning new users."

The text above says that something is still in use because..., and then
mentions two things that are bad. I think the two items are supposed to refer
to GSS?

Sec 4.2 This sure looks like normative text, so s/must not/MUST NOT "...
utilize the remote TLS peer identity for RPC user authentication"

Sec 5.1.2 Similarly, s/should/SHOULD "...employ ConnectionIDs of at least 4
bytes in length."