Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-flex-files-15: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Tue, 10 April 2018 23:26 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 10 Apr 2018 16:25:47 -0700
Message-ID: <CABcZeBPM_Rnb0QZvbvBpUCNd6yurtz0ipexUQscmnG_samb2RA@mail.gmail.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Cc: Tom Haynes <loghyr@gmail.com>, The IESG <iesg@ietf.org>, draft-ietf-nfsv4-flex-files@ietf.org, NFSv4 <nfsv4@ietf.org>, nfsv4-chairs@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/nkcQeBhROSalV5mHqeU4qMhEGOY>

Not entirely. I'm inferring from the following text that this draft is
supposed to have somewhat better security than typical NFS, but it's
not really clear.


   If the configuration of the storage device is such that clients can
   access the directory namespace, then the access control degrades to
   that of a typical NFS server with exports with a security flavor of
   AUTH_SYS.

On Tue, Apr 10, 2018 at 11:43 AM, Spencer Dawkins at IETF <
spencerdawkins.ietf@gmail.com> wrote:

> Hi, Eric,
>
> On Mon, Apr 2, 2018 at 2:56 PM, Tom Haynes <loghyr@gmail.com> wrote:
>
>> Hi Eric,
>>
>> Kathleen has removed her “discuss” from this document (the new version
>> was pushed, which satisfied her need for the SecDir review).
>>
>> Could you please revisit your position on this draft?
>>
>
> I'm just following up on this one - could you take a look at whether -17
> addresses your Discuss position?
>
> Thanks,
>
> Spencer
>
> (diff from telechat version is
> https://tools.ietf.org/rfcdiff?url1=draft-ietf-nfsv4-flex-files-15.txt&url2=draft-ietf-nfsv4-flex-files-17.txt)
>