Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integrity-measurement-03.txt
Benjamin Kaduk <kaduk@mit.edu> Sat, 10 November 2018 11:31 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02AD2130FE8 for <nfsv4@ietfa.amsl.com>; Sat, 10 Nov 2018 03:31:17 -0800 (PST)
X-Quarantine-ID: <dEdtStUrLpFg>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char 9C hex): Received: ...s kaduk@ATHENA.MIT.EDU)\n\t\234by outgoing.mit[...]
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dEdtStUrLpFg for <nfsv4@ietfa.amsl.com>; Sat, 10 Nov 2018 03:31:15 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1824C130E37 for <nfsv4@ietf.org>; Sat, 10 Nov 2018 03:31:14 -0800 (PST)
X-AuditID: 12074423-b1bff7000000742d-e9-5be6c17fb110
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 1C.A5.29741.081C6EB5; Sat, 10 Nov 2018 06:31:13 -0500 (EST)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.14.7/8.9.2) with ESMTP id wAABV6cA016700; Sat, 10 Nov 2018 06:31:08 -0500
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) �by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id wAABV1To022553 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 10 Nov 2018 06:31:03 -0500
Date: Sat, 10 Nov 2018 05:31:00 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: "Everhart, Craig" <Craig.Everhart@netapp.com>, NFSv4 <nfsv4@ietf.org>
Message-ID: <20181110113100.GW65098@kduck.kaduk.org>
References: <154160412218.26446.11676556173331817093@ietfa.amsl.com> <74E10D08-6181-49C8-B994-6554C72C4B7D@oracle.com> <BBC9F2E1-4E81-4FE4-99D0-A0B23F33AAD4@netapp.com> <D1E8642B-9A07-4812-82E0-982EDC6EF73E@oracle.com> <578769FE-6C12-4003-A579-7FB461D99A8A@netapp.com> <32BFC3DE-BF20-4A3B-88AC-FAF2C19F714D@oracle.com> <CCC8A8EA-7D8D-440F-B29C-1D3577FC104D@netapp.com> <CDC6A311-4076-405B-AE4C-26A0BC8CE685@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CDC6A311-4076-405B-AE4C-26A0BC8CE685@oracle.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphleLIzCtJLcpLzFFi42IRYrdT0W08+CzaoGcLi8X/u8+ZLE6cns5k Mfv9I1YHZo8lS34yecz49IXN4+PTWywBzFFcNimpOZllqUX6dglcGe8+HWYpuCpQcWLfe8YG xg88XYycHBICJhJzDn1nBbGFBNYwSWxck9PFyAVkb2SUmHH7CAuEc5dJYkv/AbAqFgFViSun tjKC2GwCKhIN3ZeZQWwRAQ2J3dN3gNnMAp4Se0+0MoHYwgKhEh+mrWUDsXmBtm370cQMsW0D s8TshbkQcUGJkzOfsED0qkv8mXcJqIYDyJaWWP6PAyIsL9G8dTZYK6eAncTsxv9gJ4gKKEvs 7TvEPoFRcBaSSbOQTJqFMGkWkkkLGFlWMcqm5Fbp5iZm5hSnJusWJyfm5aUW6Zrp5WaW6KWm lG5iBAe6i/IOxpd93ocYBTgYlXh4fyx/Gi3EmlhWXJl7iFGSg0lJlFc39lm0EF9SfkplRmJx RnxRaU5q8SFGCQ5mJRFe2S1A5bwpiZVVqUX5MClpDhYlcd4/Io+jhQTSE0tSs1NTC1KLYLIy HBxKErwOB4CGChalpqdWpGXmlCCkmTg4QYbzAA03BanhLS5IzC3OTIfIn2JUlBLn1QdJCIAk Mkrz4HpBiUgie3/NK0ZxoFeEeXtBqniASQyu+xXQYCagwdZfH4MMLklESEk1ME5fuLSPb/Hy 0pBPkws3516umnFmtcz0lKVXHz/h6FzYVvXz+Cy74s8FXs8nnZSL9ba8tPiSu8oGsbk3F/16 EVoxR/SbVOnXR+e3mLp5GxxXdgv4fkb4fhzjxJ1XL3AviDq+leHEwtLz+hFTf2y8fGt+xRG+ rDyp0vUrpqXMTbJ7t/mZx7l9E8T/K7EUZyQaajEXFScCAIJ///8fAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/oFjqrTCuNFild6ggevYgYMgaPMI>
Subject: Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integrity-measurement-03.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Nov 2018 11:31:17 -0000
On Thu, Nov 08, 2018 at 01:23:24PM -0500, Chuck Lever wrote: > > > > On Nov 8, 2018, at 12:03 PM, Everhart, Craig <Craig.Everhart@netapp.com> wrote: > > > > Hi Chuck, just one point. > > > > On 11/8/18, 11:54 AM, "Chuck Lever" <chuck.lever@oracle.com> wrote: > > > >> This means _any_ change > >> to the content between the time it is generated and the time it > >> is used can be detected. > >> > >> And detected by only these special tools. > > > > No, the FPI is evaluated by the provenance assessor before each > > access of the file. > > > > Perhaps you could clarify this architecture. The menagerie of tools that would be modified, this provenance assessor--what is the architecture of the system in which these tools exist? Is the "provenance assessor" part of the presumed OS on the NFS client? > > We're going in circles now. I've explained this before in e-mail > and in the document. > > > > Is it active when I read a file with the menagerie (e.g., "cp")? > > Depending on policy, it can be. > > > > At backup time? > > Depending on policy, it can be. > > The primary point of FPI is to prevent the use of corrupted file > contents. Copying or backing up file content is not necessarily > considered "use", but an administrator might be paranoid or want > some notification if tampering has occurred long before a file > is used. It's also possible that a tool can be constructed to > scrub a file system to pre-emptively identify corrupted content. > > Again, this document is not meant to be a full specification of > IMA and how it's used. A discussion of tooling is out of scope, > IMO. > I am not going to say that a discussion of tools needs to be in the document, but I think it's okay to have some discussion on the list to get people onboard with the idea that one can use this to build a useful system. (There is precedent for wanting confidence that a useful system can be built, viz. my DISCUSS ballot position on draft-ietf-lisp-rfc6830bis. The situation here seems much simpler than that one is, though.) -Ben
- [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-me… internet-drafts
- [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-integri… Chuck Lever
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Everhart, Craig
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Chuck Lever
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Everhart, Craig
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Chuck Lever
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Everhart, Craig
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Chuck Lever
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… David Noveck
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Chuck Lever
- Re: [nfsv4] Fwd: I-D Action: draft-ietf-nfsv4-int… Benjamin Kaduk
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Everhart, Craig
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Benjamin Kaduk
- Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrit… Chuck Lever