Re: [nfsv4] NFS over TLS for laptops

Chuck Lever <chuck.lever@oracle.com> Thu, 31 December 2020 18:06 UTC

Cc: Rick Macklem <rmacklem@uoguelph.ca>, Benjamin Kaduk <kaduk@mit.edu>, nfsv4@ietf.org
To: Craig Everhart <cfeverhart@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/mVXpttOocco7k1l3LHI1gUmvKks>


> On Dec 31, 2020, at 12:37 PM, Craig Everhart <cfeverhart@gmail.com> wrote:
> 
> Am I the only clueless one who doesn’t understand what “TLS squashing” is or means?  If so I’ll go back to background and try to trawl old emails.  Otherwise, perhaps you could enlighten.

The original term was "TLS identity squashing", which I coined earlier
in this thread. It has come to mean that the NFS server has a security
policy that squashes AUTH_SYS user identities to a single UID, based
on the client's TLS identity (X.509 certificate or pre-shared key).


--
Chuck Lever
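
A sketch of the policy described above, as an added example that is not part of the original message or of any NFS server's code: it decodes an AUTH_SYS credential (the XDR authsys_parms layout from RFC 5531) and replaces the client-asserted identity with the single one bound to the connection's TLS identity. The policy table, the identity string format, the choice to also squash the GID and drop supplementary groups, and the choice to refuse unknown identities are all assumptions made for illustration.

```python
import struct
from typing import NamedTuple, Optional, Tuple

class AuthSys(NamedTuple):
    stamp: int
    machinename: str
    uid: int
    gid: int
    gids: Tuple[int, ...]

def parse_authsys(body: bytes) -> AuthSys:
    """Decode an XDR authsys_parms credential body (RFC 5531)."""
    try:
        stamp, name_len = struct.unpack_from(">II", body, 0)
        if name_len > 255:
            raise ValueError("machinename longer than 255 bytes")
        name = body[8:8 + name_len].decode("ascii", "replace")
        off = 8 + name_len + (-name_len % 4)      # XDR pads opaque data to 4 bytes
        uid, gid, ngids = struct.unpack_from(">III", body, off)
        off += 12
        if ngids > 16 or len(body) != off + 4 * ngids:
            raise ValueError("bad supplementary group list")
        gids = struct.unpack_from(">%dI" % ngids, body, off)
    except struct.error as exc:
        raise ValueError("truncated AUTH_SYS credential") from exc
    return AuthSys(stamp, name, uid, gid, gids)

# Hypothetical policy table: TLS identity -> the single (uid, gid) the server uses.
# The identity strings and numeric IDs are constructed for this example.
SQUASH_POLICY = {
    "x509:CN=laptop1.example.org": (1001, 1001),
    "psk:laptop-42": (1002, 1002),
}

def effective_cred(tls_identity: Optional[str], cred: AuthSys,
                   policy=SQUASH_POLICY) -> Optional[AuthSys]:
    """Return the credential the server acts on, or None to refuse the request."""
    if tls_identity not in policy:        # assumption: unknown or absent identity is refused
        return None
    uid, gid = policy[tls_identity]
    # The client-asserted uid/gid/gids are discarded, whatever they claim.
    return cred._replace(uid=uid, gid=gid, gids=())

# Constructed sample: client "laptop" asserts uid 0, gid 0, groups [0, 10].
SAMPLE = (struct.pack(">II", 0x1234, 6) + b"laptop\0\0" +
          struct.pack(">IIIII", 0, 0, 2, 0, 10))

if __name__ == "__main__":
    claimed = parse_authsys(SAMPLE)
    print("claimed:  ", claimed)
    print("effective:", effective_cred("psk:laptop-42", claimed))
```

The sample credential claims root, yet the server-side identity depends only on which TLS identity the connection was authenticated with.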