Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-acls-00.txt

Rick Macklem <rick.macklem@gmail.com> Tue, 19 March 2024 01:27 UTC

MIME-Version: 1.0
References: <170921360885.22264.6918859901515801120@ietfa.amsl.com> <CADaq8jcHLGtjqGfWKw+oKOooXY0wOmqbagYU2X0gpigjM3x4pQ@mail.gmail.com>
In-Reply-To: <CADaq8jcHLGtjqGfWKw+oKOooXY0wOmqbagYU2X0gpigjM3x4pQ@mail.gmail.com>
From: Rick Macklem <rick.macklem@gmail.com>
Date: Mon, 18 Mar 2024 18:27:26 -0700
Message-ID: <CAM5tNy6nZmqi3sPOYRtQArtUwVk_GcZKZsaYDZ4FdWZ6SgUZFg@mail.gmail.com>
To: David Noveck <davenoveck@gmail.com>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/mkVMNlaoqRMCrScdP9Q0GVDGa24>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-acls-00.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 01:27:44 -0000

I may have missed it since it is a large document, but
I think there is one specific case for NFSv4.1/4.2 that
needs to be addressed.

RFC8881 specifies that integrity or privacy is required
for SP4_MACH_CRED.
I think the RPC/transport layer privacy protection, such
as that provided by RPC-with-TLS should now be considered
sufficient to satisfy this requirement. (i.e., integrity or privacy or
RPC/transport layer privacy should be required)

rick

On Mon, Mar 4, 2024 at 5:28 AM David Noveck <davenoveck@gmail.com> wrote:
>
> This was also submitted in time.  To get it in by the deadline, left some gaps that will be corrected in -01. Will discuss at IETF119.
>
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Thu, Feb 29, 2024 at 8:33 AM
> Subject: New Version Notification for draft-dnoveck-nfsv4-acls-00.txt
> To: David Noveck <davenoveck@gmail.com>
>
>
> A new version of Internet-Draft draft-dnoveck-nfsv4-acls-00.txt has been
> successfully submitted by David Noveck and posted to the
> IETF repository.
>
> Name:     draft-dnoveck-nfsv4-acls
> Revision: 00
> Title:    ACLs within the NFSv4 Protocols
> Date:     2024-02-29
> Group:    Individual Submission
> Pages:    75
> URL:      https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-acls-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-acls/
> HTML:     https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-acls-00.html
> HTMLized: https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-acls
>
>
> Abstract:
>
>    This document describes the structure of NFSv4 ACLs and their role in
>    the NFSv4 security architecture.  While their role in providing a
>    more flexible approach to file access authorization than is made
>    available by the POSIX-derived authorization-related attributes, the
>    potential provision of other security-related functionality is
>    covered as well.
>
>    While the goals of the description are similar to that used in
>    previous specification, the approach taken is substantially different,
>    in that a core set of functionality, derived from the now-
>    withdrawn POSIX draft ACLs is the conceptual base of the feature set
>    while extensions to that functionality are made available as OPTIONAL
>    extensions to that core.
>
>    The current version of the document is intended, in large part, to
>    result in working group discussion regarding existing NFSv4 security
>    issues and to provide a framework for addressing these issues and
>    obtaining working group consensus regarding necessary changes.
>
>    When the resulting document is eventually published as an RFC, it
>    will supersede the descriptions of ACL structure and semantics
>    appearing in existing minor version specification documents such as
>    RFCs 7530 and 8881, thereby updating RFC7530 and RFC8881.
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
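
The following is an added example, not code from the thread or from any NFS implementation, that models the server-side check behind the point Rick raises: RFC 8881 requires that operations a client lists in spo_must_enforce under SP4_MACH_CRED arrive with the machine credential over RPCSEC_GSS integrity or privacy, and the proposal is to also accept a request that arrives over an RPC-with-TLS connection. The `RpcRequest` record, the operation names, the `check_mach_cred_request` and `summarize` functions and all sample requests are hypothetical constructions used to compare the two rules side by side; the RPCSEC_GSS service names are those of RFC 2203.

```python
"""Compare the RFC 8881 SP4_MACH_CRED protection rule with the proposed
RPC-with-TLS relaxation.  Hypothetical model, not an NFS server."""
from dataclasses import dataclass
from enum import Enum


class GssService(Enum):
    # RPCSEC_GSS service levels (rpc_gss_service_t in RFC 2203).
    NONE = "rpc_gss_svc_none"
    INTEGRITY = "rpc_gss_svc_integrity"
    PRIVACY = "rpc_gss_svc_privacy"


@dataclass(frozen=True)
class RpcRequest:
    """Constructed view of one NFSv4.1 request as a server would see it."""
    operation: str           # NFSv4.1 operation name, e.g. "DESTROY_SESSION"
    auth_flavor: str         # "AUTH_SYS" or "RPCSEC_GSS"
    gss_service: GssService  # meaningful only when auth_flavor is RPCSEC_GSS
    is_machine_cred: bool    # principal matches the one bound at EXCHANGE_ID
    tls_protected: bool      # request arrived on an RPC-with-TLS connection


def gss_integrity_or_privacy(req: RpcRequest) -> bool:
    """The RPC-layer protection RFC 8881 names for SP4_MACH_CRED."""
    return req.auth_flavor == "RPCSEC_GSS" and req.gss_service in (
        GssService.INTEGRITY, GssService.PRIVACY)


def rfc8881_rule(req: RpcRequest) -> bool:
    """Current requirement: RPCSEC_GSS integrity or privacy."""
    return gss_integrity_or_privacy(req)


def proposed_rule(req: RpcRequest) -> bool:
    """Proposed requirement: the above, or transport-layer privacy (RPC-with-TLS)."""
    return gss_integrity_or_privacy(req) or req.tls_protected


def check_mach_cred_request(req: RpcRequest, must_enforce: set, rule) -> tuple:
    """Return (accepted, reason) for one request against an SP4_MACH_CRED binding.

    must_enforce is the set of operations the client placed in
    spo_must_enforce at EXCHANGE_ID (a bitmap in RFC 8881, a set here).
    Operations outside that set are not subject to the binding at all.
    """
    if req.operation not in must_enforce:
        return True, "operation not in spo_must_enforce"
    if not req.is_machine_cred:
        return False, "operation requires the machine credential"
    if not rule(req):
        return False, "machine credential sent without required protection"
    return True, "accepted"


def summarize(requests, must_enforce: set) -> list:
    """Evaluate each request under both rules: [(operation, rfc8881, proposed)]."""
    return [
        (r.operation,
         check_mach_cred_request(r, must_enforce, rfc8881_rule)[0],
         check_mach_cred_request(r, must_enforce, proposed_rule)[0])
        for r in requests
    ]


# Constructed sample traffic.  The client bound DESTROY_SESSION and
# DESTROY_CLIENTID to the machine credential at EXCHANGE_ID.
MUST_ENFORCE = {"DESTROY_SESSION", "DESTROY_CLIENTID"}
SAMPLE_REQUESTS = [
    # GSS integrity, no TLS: accepted under both rules.
    RpcRequest("DESTROY_SESSION", "RPCSEC_GSS", GssService.INTEGRITY, True, False),
    # GSS authentication only (svc_none) but over RPC-with-TLS: the case the
    # thread is about; rejected today, accepted under the proposal.
    RpcRequest("DESTROY_SESSION", "RPCSEC_GSS", GssService.NONE, True, True),
    # GSS svc_none on a cleartext connection: rejected under both rules.
    RpcRequest("DESTROY_CLIENTID", "RPCSEC_GSS", GssService.NONE, True, False),
    # Right protection, wrong principal: rejected under both rules.
    RpcRequest("DESTROY_SESSION", "RPCSEC_GSS", GssService.PRIVACY, False, False),
    # WRITE is not in spo_must_enforce, so the binding does not apply.
    RpcRequest("WRITE", "AUTH_SYS", GssService.NONE, False, False),
]

if __name__ == "__main__":
    for op, current, proposed in summarize(SAMPLE_REQUESTS, MUST_ENFORCE):
        print(f"{op:17s} rfc8881={current!s:5s} proposed={proposed}")
```

The only row on which the two rules disagree is the second one: a request carrying the machine principal with rpc_gss_svc_none over an RPC-with-TLS connection. Everything else (cleartext svc_none, a non-machine principal, or an operation outside spo_must_enforce) is decided identically, which is the scope of the change being asked for.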