Re: [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gss-v2-03
"Mike Eisler" <mre-ietf@eisler.com> Mon, 18 August 2008 19:43 UTC
Return-Path: <nfsv4-bounces@ietf.org>
X-Original-To: nfsv4-archive@megatron.ietf.org
Delivered-To: ietfarch-nfsv4-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 78B033A6BE2; Mon, 18 Aug 2008 12:43:44 -0700 (PDT)
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 098273A6BE2 for <nfsv4@core3.amsl.com>; Mon, 18 Aug 2008 12:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MTiHbTw4qmkA for <nfsv4@core3.amsl.com>; Mon, 18 Aug 2008 12:43:31 -0700 (PDT)
Received: from webmail1.sd.dreamhost.com (sd-green-dreamhost-133.dreamhost.com [208.97.187.133]) by core3.amsl.com (Postfix) with ESMTP id 46D333A68B7 for <nfsv4@ietf.org>; Mon, 18 Aug 2008 12:43:30 -0700 (PDT)
Received: from webmail.eisler.com (localhost [127.0.0.1]) by webmail1.sd.dreamhost.com (Postfix) with ESMTP id D8EF72C187; Mon, 18 Aug 2008 12:43:49 -0700 (PDT)
Received: from 198.95.226.230 (SquirrelMail authenticated user mre-ietf@eisler.com) by webmail.eisler.com with HTTP; Mon, 18 Aug 2008 12:43:49 -0700 (PDT)
Message-ID: <16860.198.95.226.230.1219088629.squirrel@webmail.eisler.com>
In-Reply-To: <A3E4032C-4853-4BE3-8AD2-1EA999C4DB73@nokia.com>
References: <A3E4032C-4853-4BE3-8AD2-1EA999C4DB73@nokia.com>
Date: Mon, 18 Aug 2008 12:43:49 -0700
From: Mike Eisler <mre-ietf@eisler.com>
To: Lars Eggert <lars.eggert@nokia.com>
User-Agent: SquirrelMail/1.4.10a
MIME-Version: 1.0
Cc: NFSv4 <nfsv4@ietf.org>
Subject: Re: [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gss-v2-03
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: nfsv4-bounces@ietf.org
Errors-To: nfsv4-bounces@ietf.org
On Mon, August 11, 2008 3:05 am, Lars Eggert wrote: > Section 1, paragraph 0: > > RPCSEC_GSS version 2 (RPCSEC_GSSv2) is the same as RPCSEC_GSS > version > > 1 (RPCSEC_GSSv1) except that support for channel bindings has been > > added. > > I'd be good to add a citation to [2] for RPCSEC_GSSv1 and RFC5056 for > "channel bindings." We can do that with an RFC Editor Note - send me > one. I agree it would be good. But xml2rfc doesn't allow abstracts to have xrefs. Since the i-d state at http://tools.ietf.org/wg/nfsv4/draft-ietf-nfsv4-rpcsec-gss-v2/ says, AD Evaluation::Revised ID Needed I pushed a new i-d (-04) with crefs that ask the RFC editor to correct. > > > Section 7., paragraph 1: > > The security considerations are the same as [2]. > > This document is all about applying a security mechanism (channel > bindings) to [2]. Surely this raises new security considerations? > If not, please explain why not - this is surely something the > security > directorate will want to know. Agreed. Nico provided some useful ideas for security considerations. These are now in -04. > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4 > -- Mike Eisler, Senior Technical Director, NetApp, 719 599 9026, http://blogs.netapp.com/eislers_nfs_blog/ _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gss-v2… Lars Eggert
- Re: [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gs… Mike Eisler
- Re: [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gs… Lars Eggert
- Re: [nfsv4] AD review: draft-ietf-nfsv4-rpcsec-gs… Mike Eisler