IETF Logo Mail Archive

Re: [nfsv4] Update on documents related to rfc5661bis effort.

Chuck Lever III <chuck.lever@oracle.com> Wed, 12 October 2022 13:09 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA69FC14F731 for <nfsv4@ietfa.amsl.com>; Wed, 12 Oct 2022 06:09:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com header.b=AT7uvHVt; dkim=pass (1024-bit key) header.d=oracle.onmicrosoft.com header.b=ev4J4+SQ
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dGvp5jDlFgw5 for <nfsv4@ietfa.amsl.com>; Wed, 12 Oct 2022 06:09:22 -0700 (PDT)
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5414AC14F722 for <nfsv4@ietf.org>; Wed, 12 Oct 2022 06:09:21 -0700 (PDT)
Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29CCx0pd014823; Wed, 12 Oct 2022 13:09:18 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=corp-2022-7-12; bh=/l9Ry58I+aYPoWL/x9S5fYPyapwOmwYBhqpTV6CuM+s=; b=AT7uvHVtVEMKN6AEHWoCHutaoRMkQr6V6Fg/Lrt95CpNbuCderfMy3Enev1TLVRusN7l qdAMETib9fPYXTpAfHirdVFohd1SSDi6yJHPWu/3z4vDpu5jeZJ27U/mExOkDRxWtbA5 VtQtqGsqsBL6Q+zwRBT0hnXfBVZLyt1PQuMqt3gvh2gHhPQvu4f6DOZI5Xqod7szIoK9 dRP8hDkYAhxde4viQ/+XPCNQgJvdlMe807Pec/nQOWF5DwZaFkcZZMLrquxq/IoaKhnA 0SPppMdgXC+L8RYKwXaqyfhPiMkmM1bToqLV7q6aA0apVD8B8mxRPAljdd4Cmg+lepOa tA==
Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3k31rthw3a-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 12 Oct 2022 13:09:18 +0000
Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 29CB6KNp002888; Wed, 12 Oct 2022 13:09:17 GMT
Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11lp2177.outbound.protection.outlook.com [104.47.56.177]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3k2yn4k9uc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 12 Oct 2022 13:09:17 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ATJhpuxw0B4tIxN3Mk8VS2PtG3XoqLadLnM66x0KafLAIUkudZ8bzwwJaidexbWpVdqf1mov7ollevRwCfU7JfNoB2Nk52hwRHQzqfxRFPxZcoTtIOdGOmXAolQnowTnqNx1U0kCTEfZHqRUc70JgeGs8ZO4RWpKApgr72ZejS629SKIgyiq/NGt2NzodUWDuYRt5rly/pTP687J04DoCKIzh+15ORWvsq29V/zKrLj+kl/f7hYA/i97V709x4AEMJpBCS4lnm6ynZ/p4IKlEPk7e+dNBIsBfA52kIwVvIWWPKpCMdH5Xpgp4n9nA0sYOzCccHzZaEugMFaIPw5J0Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/l9Ry58I+aYPoWL/x9S5fYPyapwOmwYBhqpTV6CuM+s=; b=Ir3iLxDZtYlWFAixstqMWltdKtBzj1OkUMwkclV/oa20R/th1q6U/5rq7B6SVfXmWd7DkuNgK7FNfTMNJl6wM+sE3h/wO4xV+luiLvAblfF/9iwc/T/oaqy7ale3vdBBshnNO8Sgs0jDwqLY/2SVFLIxrzo7qTkWhq0dGM9j0vmsGenYTmgSmCVTvJW0KZ6rAx2WhbQMJbvFyXyavlO8X7bino9llBkK9J7hUtqZVzuGZdyuzE7wGC9LGcc4YTWxefZuUgkSVspKIA8fSDhWPi6GhcuS5yA6/Rbj8UvQeDz5gwPPei0Ar2Rc82gj0hvmg+2BpGtkDqJzrrL+sgC0lg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/l9Ry58I+aYPoWL/x9S5fYPyapwOmwYBhqpTV6CuM+s=; b=ev4J4+SQPIm2A818EWdZrqQPfNpQPiNblHR3GwKzvuyKmySK0nlS4JoDcVNOxpc+KU42HJzIYqrR/6Yl2bYqVF7uRezfxOqXtgHplHrPi4xGceWvWIjnsUs1EdtiaHLKrkQy3QRLH6V6eIobEFoDawfJuWLmSLGvuSR7eCjGvKQ=
Received: from BN0PR10MB5128.namprd10.prod.outlook.com (2603:10b6:408:117::24) by BY5PR10MB4146.namprd10.prod.outlook.com (2603:10b6:a03:20d::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5676.24; Wed, 12 Oct 2022 13:09:15 +0000
Received: from BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::5403:3164:f6c3:d48a]) by BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::5403:3164:f6c3:d48a%3]) with mapi id 15.20.5709.022; Wed, 12 Oct 2022 13:09:14 +0000
From: Chuck Lever III <chuck.lever@oracle.com>
To: David Noveck <davenoveck@gmail.com>
CC: Brian Pawlowski <beepee@gmail.com>, NFSv4 <nfsv4@ietf.org>, Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Thread-Topic: [nfsv4] Update on documents related to rfc5661bis effort.
Thread-Index: AdjX/9WJCdPeEhSTRuy8D4APURlHlAAyRSQAAIzCu4AAC3o2gAAvn2MAAGNInQAAD7U6AAAh4C0A
Date: Wed, 12 Oct 2022 13:09:14 +0000
Message-ID: <0A366CB8-8DC1-4D47-80BB-6D5AB84A9ED6@oracle.com>
References: <MN2PR06MB559764EE48BCDC120C15D320E15D9@MN2PR06MB5597.namprd06.prod.outlook.com> <240969EB-C93A-4D81-A4DF-D105A1E22EF1@oracle.com> <CADaq8jecRu_ob91fht6XrqL3xhs6=EVx3s0FakY5yi=V3g39XA@mail.gmail.com> <90B5901A-594C-4AF1-A028-45238BF28335@oracle.com> <CADaq8je-fNkmF0vjGBvy60hvPAMJz0bgMoHSebdaP-yG2R5i4Q@mail.gmail.com> <9B8CFC4E-0DEF-4B8D-871D-7D313B419E63@oracle.com> <CADaq8jegdk4w3pzr+Ea4SUUo_+wsXiub6m5nfypQZ-HjkN+zNA@mail.gmail.com>
In-Reply-To: <CADaq8jegdk4w3pzr+Ea4SUUo_+wsXiub6m5nfypQZ-HjkN+zNA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.1)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0PR10MB5128:EE_|BY5PR10MB4146:EE_
x-ms-office365-filtering-correlation-id: 2b4494bc-bacb-4b5f-e21c-08daac52f678
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: N/D3IT6w/Nwvx7MP+YTyOlaQAIcp2L+DQtXO9/rDtTRFxbM9JA9HDoKRgIikwADtR73sHtGNOqSRp+5lN3rh4T3Q4k/4i2/fTypQ/ZRlE5TUMj2DH5GqJDtXfbf0Ha4/ZJVTuBuxIaDJdSlYvbZb6o4Zf1DsEy7XO00lqEL2VTkpzsqgaG9WsgdNCvdX3jzM79gVKTTWWfgjqHtEmreYWJNi/uGIyW/kjiZhf5Tcct2UXMELREaDBkdFg0wGoHh79rkLayto4wgDA68+Xl5OxTixnyxOUeH7h5FmjSwDHliJGwh3JYib/v5sWep6nf5qOFObFUqNezECEpqeTFl9CV+3u8EHp2S58+xvuD5mZNwKqBqUa55RY4NeR55kM0RsE/l/RUMOsOY4xq1qsVItVan8ny119RYrqyA4W661r3amSn9WZPip25QPvunfmx1zlBDbS3S72mUUTgHxlUtxKw0hGzwvNU5UjazKRy/FQPu5JJyCstkTE2LpThsh1trHf1pJOgZ4OWorzff5pausTDBIDmA8zYDzu/EeLh+Ei2mZgMI37B4AMgi0/vyqcrGoKvLjtSS5epT7YK6Q7527d7lf3RXesSZyPrf9D5zqu4mgzcCCH+0PTQOcHeH1XLFeieIlwAWpL1YWaQ6co219rGY5j9VZivnPCj3HhpvYErqY/rtB6qteVhz6PW9wrEeJQl3UU6sXkkNuyTOJ2NWl4L3QXdvYcSzOvJQ5BSNDhalEMlc91XZMqUi+3SoLEud93oS9fxXxG43jVsN5f1KklNFoo69XcDXhRB1hPkaDW4Q=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0PR10MB5128.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(346002)(39860400002)(376002)(136003)(366004)(396003)(451199015)(66946007)(6916009)(36756003)(66899015)(86362001)(76116006)(38070700005)(8676002)(186003)(2616005)(122000001)(6506007)(91956017)(53546011)(64756008)(66556008)(6512007)(4326008)(26005)(71200400001)(38100700002)(6486002)(316002)(33656002)(66476007)(478600001)(5660300002)(2906002)(83380400001)(41300700001)(54906003)(66446008)(8936002)(15650500001)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Oxg63OHeD5Qt7WkQ4RiEJ1oIB9dqR8cGdGPMjkNPW5+bG4EJh/bIcZxytOgt6zTX9f8QxlL8J8P4/ThfKyGUkPEnln4CMVV9V64gXq3SOrTrjYAs8ihl+ywo17pWV9ifB4Jna07LXIsJWQ8/sjxy2utwqgBQXnC+E4/0CqP+EO8Q37nVn0A4eDviA+HpbupZmh6ooOkeWy++o2bpv4CscOCnEKOGLsriLB6gyzDKZwYfsXlD+hza/BhtbmHJ3a+tbIpp1Gc62zlxju6T1oCM9Z1zu9XTOOYHUEJVDtRRWmqE2wavLyrCq6tJ2FR5Y5C8g0K7iwaE5K2rN3/232NAInSMfT0epafWZ+7bXxso/1wak4UFsSvjTNIDtan6BkBLBNWHf/Ht8sfmkx0pUX299P4LamUeNmHkTHkdbXrM9Kt0nO1dmCmFxQKqh8PtHB4TzJawkVmQIzFGayS5RfuCV6L41jxSA353hQ7CQn6Fup3w0Sz0srgBW/+/muxPmINhTDaFLA+Y6TCSK+w4le2sGbNNe/FXXtLENLKcUiHI9BnayORdGXiwou6txliitLfgSGQ7D4iMAee6bXY1nmxgSituYCWoidNK4A5pfOL2aTeF+mL9zya92V4eSe4mVg93aMmmnrQ9B7O1ZJoY3dvEDkWerhX28agYXCKkhL0SaKhYxlTuMGn3TsHdTambLTz+rCBVrgqhS+IxBCXEb/9HcIis369VWqmivTgSB3CfH53LtNmUjwiYqo0plVvKSniELDPNLO33TAuleY5jRdb8J1b4PxtjlJwOieRCvk8Agps4lCiACD/QyJRVLz6R1XIaLl2EKP/t4kJ7qVRPGd2NLUGAbgEovTbICGt+IGB24r5ri85ngxS5GKGRElmsCW5ZZwxh8nM907hlx+VAM+oTOqg1su920+rbLcetxyobIk+ckUH+fO24Ljw6xqM/gBza3vjYLUsYRsmMl7W1epaFUeviF9S+RSOThO60unDUtiluppgI8fYRb0yN0j2tEjLzV/ubTs6vN+DfuEDzDYsooxsWvrh80RC6jyDGut4zIuMN/jqAhLzWgD27t6WlrtCdjR+zXOf4XTSp8d29diJTv3FmFSKOOHGka3mRrkVi3RPQm3PRKB+xcOmzf/wsbSIBYK0QOFVunMcTyw4mJxKdJdLA6u+DkGtoCEZ2RvwNNHwTSWRkVn+bukdU+RVXwCJfgRWbvuoB4mBm2tNz94Fa+7iqCiDANCY+A1c07zcih7sV/yjPq4g8JZxa16M1VMTBgUb4tTnzZz+OW3L57JpLX7Ywl1SQIOiBFUVN18g4eQsaYpTVF2OYqVTyvCQmLjCIl1SY8m/2iKDlPWmbqKmfownEgISFe+W8+9pThewpfDQRiwksmJEw8Sqw6fQ7XMkUWY2tjWR1BftbdbDKnhxUPQ0SdccjidSUpH9Ey8IgeNwk2ibkxsuFyeaAKXBFuyN4HAaJprk8yu56ZG4rtLE/qRUuLZvQp+eiJfFpOXV9G5V5j+UPry9ms7tKISN9DCbQWJKbS++TzbIIskqaoxm8UdgfQdD2n33/A9A5QQV7n17zSsr+nmbV6Du7KxalkZp7H5Droacnt5VQLOI4RqzCEw==
Content-Type: multipart/alternative; boundary="_000_0A366CB88DC14D4780BB6D5AB84A9ED6oraclecom_"
MIME-Version: 1.0
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5128.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2b4494bc-bacb-4b5f-e21c-08daac52f678
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2022 13:09:14.8290 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Xu9OsyXTnSWtrddGZfcSq8arTZPV0MHlRmBADdCDYR0JsYDRnQIo5MFZ5Dg9dotu70EHrC2fej+Hs/ch8fdhfA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB4146
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-12_06,2022-10-12_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 bulkscore=0 adultscore=0 malwarescore=0 phishscore=0 suspectscore=0 mlxscore=0 spamscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210120087
X-Proofpoint-GUID: jmoEHW1g489hHtGIv5kXXkpeneI2ZNTe
X-Proofpoint-ORIG-GUID: jmoEHW1g489hHtGIv5kXXkpeneI2ZNTe
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/iJMHSs-82MdWeWzaa7ei8n3RV1U>
Subject: Re: [nfsv4] Update on documents related to rfc5661bis effort.
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2022 13:09:24 -0000


On Oct 11, 2022, at 4:59 PM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:

As before. My remarks are made as editor of the documents in question and as a wg member.

On Tue, Oct 11, 2022 at 9:29 AM Chuck Lever III <chuck.lever@oracle.com<mailto:chuck.lever@oracle.com>> wrote:


On Oct 9, 2022, at 10:06 AM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:

As before, my remarks are made as the editor of draft-{ietf,dnoveck}-nfsv4-{internationaization,security,rfc5661bis,rfc5662bis} and a wg member and not as wg co-chair.

On Sat, Oct 8, 2022 at 11:23 AM Chuck Lever III <chuck.lever@oracle.com<mailto:chuck.lever@oracle.com>> wrote:

On Oct 8, 2022, at 5:54 AM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:

On Wed, Oct 5, 2022, 10:44 AM Chuck Lever III <chuck.lever@oracle.com<mailto:chuck.lever@oracle.com>> wrote:

Thanks for posting your plan!

We already have three WG documents (not counting the RPC/RDMA v2 documents that are to expire), at least two of which might require significant external review. In years past, we had a large body of folks who could help out. But these days, and considering the total number of pages involved, does the WG have enough review and document stewardship resources to proceed with all of these in parallel?

Rfc5661bis has already been put off far too long, so I  really can't see us doing these seriatim.  By the time we get to the bis, it will be difficult to remember the issues, even though they will still need to be dealt with. Sigh!

Note that it is already almost 13 years since rfc5661 was published and that it is clearly deficient in a  number of major areas.  That is why I have devoted a lot of my time to this effort.  I had been assuming that the working group in general was in a position to do its part.  If it isn't, then the working group is in the position of doing extensions to v4.1 without a good description of v4.1, the previous approval of rfc5661 and rfc8881 as a Proposed Standards notwithstanding.

You might misunderstand my concern.

I might or might not understand your concern.  You appear to want to give the three documents you refer to priority over my three documents related to the bis effort.  Since you do not provde any reason for this stance, it is quite hard to understand your position.

I want to give the three existing WG documents (including i18n) a fair shot at available resources because they are already adopted. The other bis documents have not yet been adopted, and I fear that once they are, they will consume all remaining oxygen, leaving nothing left for completing documents that were adopted before them.

It is true that progress on pnfs-nvme and delstid has been slow but I feel that is primarily because of the details of those specific efforts and not a generalized shortage of resources that might be affected by work on the bis documents going forward.

Again, I'm not talking about the past. I'm looking at what review and stewardship resources are available right now and going forward. So I don't regard the below bullets as relevant to this discussion.


  *    pnfs-nvme has gone way beyond its original milestone and the adopted draft is an informational document while the milestone says "as a Proposed Standard".   There is no indication that this delay is due to  ongoing work on the bis documents which have been making progress independently.
  *   delstid, while adopted, needs significant work to make it ready for IESG submission.   That is primarily because it was left expired without any work for several years.  The bis documents have had no no effect on that and ironically, the only serious review of the document was by me, despite the fact I was working on the bis.

 These document have had a fair shot of available resources and don't see that changing.


The minutiae around adoption of the i18n document were not especially transparent to the WG diaspora.

I'm not sure what you mean or even who the "WG diaspora" might be.   In any case, document adoption was discussed on the mailing list, although I am not aware of any "minutiae" being discussed in connection with wg adoption.

Decisions about chair recusal and the selection of a document steward were announced to the mailing list. I don't recall seeing any discussion of those issues in advance of that announcement. I can only assume that a conversation took place privately, from which those choices arose. My simple request is that such conversations be held in the open instead.


The security document appears to contain new protocol in it,

I don't know what you mean.   rfc5662bis does not change the OTW XDR and any new protocol is discussed as possible future protocol extensions.   Also, note that I originally added discussion of protocol security extensions in response to your request.

but because this effort is officially a bis effort, it should be constrained to documenting existing implementations

I don't agree.   In any case, this is kind of late to shift things to such a restricted model.

I don't believe this is a shift. The generic bis process has always been about dealing with errata and addressing issues with specification language. Innovating as-yet unimplemented protocol would be considered only as a very last resort. I'm not seeking a change in that mission.


It has always been clear that providing a threat analysis  and adapting recommendations to reflect the need for encryption and the security problems with AUTH_SYS were an integral part of this work.

A threat analysis does not need to include new protocol, and any proper discussion of problems with AUTH_SYS really ought to be done without reference to specific encryption mechanisms, since deployments actually have more than one available: Kerberos, TLS, VPN solutions such as wireguard or IPsec, and physically private networks are some examples.

Enumerating security issues with AUTH_SYS without addressing them is still pretty useful, as long as the document can honestly state we are working to address those issues.


I don't see how we can do a security document for NFSv4 that does not do that.   We also have to provide a security considerations section with a real threat analysis.  I don't think we want one that just documents the fact that nfsv4 security is a not in a good state, leading readers to conclude it should not be used.

I'm requesting that the new protocol elements be moved out of this document before it is adopted.

Please be more specifIc about what you mean by "new protocol elements."  It doesn't make sense for me to guess what might strike you that way.

I've already been explicit in this forum about the two areas that are objectionable, but I will summarize them again, lest we continue to be distracted by an undue obsession with my secondary concerns about WG resources.

1. The discussion about the treatment of ACLs needs to carefully describe what existing implementations do. A bis should not introduce new requirements in this area, and to date I have not heard a convincing argument that the security document needs to do so (even though, if I recall correctly, it currently does). I believe it would be irresponsible of the WG to adopt a document that intends to impose new requirements in this area without the agreement of vendors/implementors, as implementation adoption of these new requirements would be unlikely.

2. The originally proposed set of changes to SECINFO included new enumerated values (if I recall correctly) that could be included in the returned flavor list. Based on the tepid feedback we've already received in this area, my conclusion is that this specific area needs to be done with prototypes in collaboration with implementors, which would be a significant impedance to getting the other spec issues addressed in a timely manner. And, again, without consensus amongst implementors/vendors that SECINFO even has a hole that needs to be closed, it's not likely that this new protocol mechanism will be adopted.

My view is that a bis process becomes increasingly unfeasible as the scope of work wanders away from just addressing errata and concerns about spec language. Innovating new protocol needs to be done in concert with implementors, and it really should be done outside of efforts to correct spec errors.

Yes, we have been loose about that in the past, but that has been perhaps to the detriment of the NFS protocol.


I'm not certain why WG adoption is necessary in order to make progress.

It is not, but to make progress while the documents are still at the I-D stage, wg members will have to agree to comment on the draft and help to resolve the issues layed out in Appendix B of security.   So far that hasn't happened and if it doesn't happen now there will not be much progress. 😞

IMO you as the editor of the security document need to organize and drive that conversation. You can't reasonably expect it to arise organically from day-to-day conversation.

--
Chuck Lever

v2.23.0 | Report a Bug | By Email