IETF Logo Mail Archive

Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)

Eric Rescorla <ekr@rtfm.com> Mon, 05 June 2017 20:15 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E642A1270A7 for <nfsv4@ietfa.amsl.com>; Mon, 5 Jun 2017 13:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WywtcrACdtCj for <nfsv4@ietfa.amsl.com>; Mon, 5 Jun 2017 13:15:56 -0700 (PDT)
Received: from mail-yb0-x233.google.com (mail-yb0-x233.google.com [IPv6:2607:f8b0:4002:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 768B612951C for <nfsv4@ietf.org>; Mon, 5 Jun 2017 13:15:56 -0700 (PDT)
Received: by mail-yb0-x233.google.com with SMTP id o9so19825164yba.3 for <nfsv4@ietf.org>; Mon, 05 Jun 2017 13:15:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LLA6oTB1PT+dLo5323Y7ZL/POVtlqbuveM+7B/iJSGs=; b=vugKReVDXN+gf1g5zYyQLHkWefDS55E+l1K/zo7yzdCo9ykXOdfEzknVeuNzXt3e1+ 8IQlQqieyazC9AhIUpRrfYJBI1PteZmCqQ2p+8NzgpJSYDwKEdk15jDuQOu0xNEpPBFV SXaUtSVGgRmcvuhiR3ptJDEzGtV8YV1lV4ivr29wJ4CdzzkRjVSA5CTdW0xpQzDpz+PR 9UFXs7Lvrx4LGw9Gi6PHG/HHlczTdc0LMZt3kMfbEx+ojnPQmYw5gk9okNneY+CHvUBC vTiWCRY3LF3k0QLqQ/3MXkilvpPOQvGZQ4YNPicjRAPOFYE1Iyvz0Uu3A2RJuOUZLTz1 EuWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LLA6oTB1PT+dLo5323Y7ZL/POVtlqbuveM+7B/iJSGs=; b=Yk7ODJy3VEUZhA7n+lKZp0Sg+r5cs+6j2UB1jd0mLvp7nk3zg7tDC7q0oAQRa0hlJ4 QCHkPnjf7l2OjxOQUXP4iKdtsD8w4sUBXOfrppNFBHLqY3+5VDicPWJ7WUnx6qE27YR5 6Guo3Y/03F6c1wf18G/9mDwHh7bFJYWFRwHlWR1rZhCtgk2M+R6cojGYRD0c/NkThaZB caJ+sqNC3bAbtNX3S7mi95h7gtjxwXLhLCqp8BdaxMRQ8+w7Xqw7J2K6tsX/jS1kIVWe oGu78z0QsjHhzRzIP2wHvonhWo85kcj2uC3KTO+puR88mAgeg7a2Ow5fV7Y8bdgShAIQ Oi/g==
X-Gm-Message-State: AODbwcBu4qsVF3qdDhNq3mokQ3IsQBEx0dEbvtGUZ8N0tRaPFFgSKFJb 9Zd1V6QT4nvA2rA3u6SksSdoVllaM4LD
X-Received: by 10.37.68.87 with SMTP id r84mr169962yba.229.1496693755694; Mon, 05 Jun 2017 13:15:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.215.4 with HTTP; Mon, 5 Jun 2017 13:15:15 -0700 (PDT)
In-Reply-To: <CADaq8jf8XHGgeuBX8Ai2R-gS_i0abR5QT+TVdb7UeOSeDNUVAA@mail.gmail.com>
References: <149559305147.28562.14990485255783585477.idtracker@ietfa.amsl.com> <CAKKJt-cHEoBeP++YP-=FWmVTWkoLWLa5OZ=sDYT7kEBrDvvOiw@mail.gmail.com> <CABcZeBPc9U1D+sSOnz2_3MwVn527ruuqqWoCsZYafx_rLwpyAQ@mail.gmail.com> <CAKKJt-dcjiMFk0NyD-UrBQrtKAZgWaVzcxY67YSDOu0ZVNw9Ng@mail.gmail.com> <CAKKJt-ceK3r8=HXArenmNXpt8bk2MuKbkPL-qoNPZMrHHETfJg@mail.gmail.com> <20170525152957.GV10188@localhost> <OFE1A7E856.598CE2A7-ON8825812B.00586825-8825812B.0058FAF1@notes.na.collabserv.com> <20170525182246.GW10188@localhost> <20170605183938.GA831@fieldses.org> <20170605185620.GH2903@localhost> <CADaq8jf8XHGgeuBX8Ai2R-gS_i0abR5QT+TVdb7UeOSeDNUVAA@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 05 Jun 2017 22:15:15 +0200
Message-ID: <CABcZeBOG1hk_X8Mnip8+VX-iNsjytB4ypnmr94WE=mmXQS=Uaw@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
Cc: Nico Williams <nico@cryptonector.com>, "J. Bruce Fields" <bfields@fieldses.org>, draft-ietf-nfsv4-xattrs@ietf.org, "nfsv4-chairs@ietf.org" <nfsv4-chairs@ietf.org>, NFSv4 <nfsv4@ietf.org>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a113f5f3ea58baf05513c2b59"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/lrx8C0SAn-mflL0ttcJMpfWz82U>
Subject: Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jun 2017 20:16:00 -0000

On Mon, Jun 5, 2017 at 9:30 PM, David Noveck <davenoveck@gmail.com> wrote:

> > I see a "system xattrs" extension in NFSv4's future.
>
> I don't and a lot of other people don't but if you want to propose one,
> you can.
>
> > You should at least allow for namespace reservations for system xattrs.
> > I notice you didn't.  Do it now, while you still can!
>
> As I understand it, the last chance to make this sort of change without
> major
> disruption to the process was when WGLC ended in December 2016.  The
> review of
> the document past that point proceeded on the understanding that only
> user xattrs
> would be supported and that fact was an important part of the authors'
> response to
> some of the security concerns that had been raised during IESG
> evaluation.
>
> > I hope some AD makes that a DISCUSS.
>
> It didn't happen and the document has been approved.
>

Actually, the document hasn't been approved. I'm still holding a discuss
pending
resolution of this topic. As I think I made clear in my discuss, I think
it's fine for
you to document this issue (or explain why it's not so) but the document
does
in fact need to do so.

-Ekr


>   I'm not sure exactly what
> changes are being awaited before the announcement is sent out but I don't
> expect that
> a late DISCUSS asking for inclusion of  system xattrs is among them.
>
> On Mon, Jun 5, 2017 at 2:56 PM, Nico Williams <nico@cryptonector.com>
> wrote:
>
>> On Mon, Jun 05, 2017 at 02:39:38PM -0400, J. Bruce Fields wrote:
>> > On Thu, May 25, 2017 at 01:22:47PM -0500, Nico Williams wrote:
>> > > On Thu, May 25, 2017 at 09:11:53AM -0700, Marc Eshel wrote:
>> > > > We had a lot of discussions in the WG about the security
>> implications and
>> > > > we decided to stay a way of defining different types of xattr. This
>> is
>> > > > user only xattr for the applications to use and it should be
>> handled as an
>> > > > extension to the data in the file without any meaning for the
>> protocol. If
>> > > > it is not clear enough we can fix the text and add a warning.
>> > >
>> > > That's fair, but the point is that the security considerations should
>> be
>> > > very explicit as to this.  MUST/MUST NOT language is called for.
>> >
>> > https://tools.ietf.org/html/draft-ietf-nfsv4-xattrs-05#section-5
>> >
>> > "Xattr keys and values MUST NOT be interpreted by the NFS clients and
>> > servers"
>> >
>> > (and the rest of that paragraph).
>>
>> I see a "system xattrs" extension in NFSv4's future.
>>
>> You should at least allow for namespace reservations for system xattrs.
>> I notice you didn't.  Do it now, while you still can!
>>
>> I hope some AD makes that a DISCUSS.
>>
>> If it fell on me to add system attrs later, I might just store them
>> normal xattrs signed by a "system" key.  That actually may well be the
>> best way to do it in any case[0], in which case allowing this I-D to
>> proceed without even a namespace reservation would probably be fine.
>> However, I think it makes sense to make sure that you're not painting
>> yourselves into a corner, and that should be done now, not later.
>>
>> [0]  I doubt it.  For one, it creates yet another key management problem
>>      that we should all rather not have.
>>
>> Nico
>> --
>>
>> _______________________________________________
>> nfsv4 mailing list
>> nfsv4@ietf.org
>> https://www.ietf.org/mailman/listinfo/nfsv4
>>
>
>

v2.23.0 | Report a Bug | By Email