Re: [nfsv4] New Version Notification for draft-cel-nfsv4-rpc-tls-pseudoflavors-01.txt

Chuck Lever III <chuck.lever@oracle.com> Fri, 28 January 2022 14:57 UTC

From: Chuck Lever III <chuck.lever@oracle.com>
To: David Noveck <davenoveck@gmail.com>
CC: Rick Macklem <rmacklem@uoguelph.ca>, NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/jg3X_-V7_MOyGSNR1oQMjKFVzb8>


> On Dec 21, 2021, at 5:34 AM, David Noveck <davenoveck@gmail.com> wrote:
> 
> > Btw, I like your idea to have ExchangeID return 
> > NFS4ERR_WRONG_CRED.
> 
> I do as well.
> 
> > Hopefully, this minor change to RFC8881 is acceptable for others.
> 
> I had tried to address this issue in security-03, but reading Chuck's text has convinced me that further work will be needed.
> 
> There is no time to do this in security-04, which will be out by Christmas. Given the need to address both 4.0 and 4.1 there will have to be discussion of how to divide this material between security-05 and rfc5661bis.

Is there any objection to adopting
rpc-tls-pseudoflavors as a WG document?

I was reminded recently that somewhere we have to mandate
the use of RPC-with-TLS on the backchannel connection when
an NFSv4.0 client connects using RPC-with-TLS on the forward
channel. IMO that mandate belongs in nfsv4-security.

Also, I'd like to discuss how to divide the material in
Section 5.2.1 between rpc-tls-pseudoflavors and
nfsv4-security. Where do we begin?


--
Chuck Lever