Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-multi-domain-fs-reqs-10: (with COMMENT)
"Adamson, Andy" <William.Adamson@netapp.com> Wed, 31 August 2016 12:13 UTC
Return-Path: <William.Adamson@netapp.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8176512DB25; Wed, 31 Aug 2016 05:13:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.469
X-Spam-Level:
X-Spam-Status: No, score=-7.469 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wkYafqAoJzvU; Wed, 31 Aug 2016 05:13:34 -0700 (PDT)
Received: from mx144.netapp.com (mx144.netapp.com [216.240.21.25]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EEA512DB19; Wed, 31 Aug 2016 05:13:34 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.30,261,1470726000"; d="scan'208";a="140824493"
Received: from hioexcmbx01-prd.hq.netapp.com ([10.122.105.34]) by mx144-out.netapp.com with ESMTP; 31 Aug 2016 05:12:33 -0700
Received: from HIOEXCMBX03-PRD.hq.netapp.com (10.122.105.36) by hioexcmbx01-prd.hq.netapp.com (10.122.105.34) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 31 Aug 2016 05:12:32 -0700
Received: from HIOEXCMBX03-PRD.hq.netapp.com ([::1]) by hioexcmbx03-prd.hq.netapp.com ([fe80::a009:cb7a:e519:7347%21]) with mapi id 15.00.1210.000; Wed, 31 Aug 2016 05:12:33 -0700
From: "Adamson, Andy" <William.Adamson@netapp.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: Stephen Farrell's No Objection on draft-ietf-nfsv4-multi-domain-fs-reqs-10: (with COMMENT)
Thread-Index: AQHSAv+3fiHBGcU83USEmOKshw767KBjcT8A
Date: Wed, 31 Aug 2016 12:12:32 +0000
Message-ID: <68A386D4-98A5-4A20-966A-FF1CBD0D32E9@netapp.com>
References: <147259004562.23685.4230186211321856907.idtracker@ietfa.amsl.com>
In-Reply-To: <147259004562.23685.4230186211321856907.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3112)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.122.56.79]
Content-Type: text/plain; charset="utf-8"
Content-ID: <5B984A88CAE6F645B55FE44C827FF0B5@hq.netapp.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/o_ih6ayOdRRs0Og3O3iMGrZYPRE>
Cc: "nfsv4-chairs@ietf.org" <nfsv4-chairs@ietf.org>, The IESG <iesg@ietf.org>, "nfsv4@ietf.org" <nfsv4@ietf.org>, "draft-ietf-nfsv4-multi-domain-fs-reqs@ietf.org" <draft-ietf-nfsv4-multi-domain-fs-reqs@ietf.org>
Subject: Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-multi-domain-fs-reqs-10: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2016 12:13:36 -0000
> On Aug 30, 2016, at 4:47 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-nfsv4-multi-domain-fs-reqs-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-multi-domain-fs-reqs/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > - general: I agree with Kathleen who agrees with Russ' > secdir review. [1] Hello Stephen The referenced review [1] was for draft-08. Did you review draft-08 or draft-10? if this is a review of draft-10 why bring up a review of draft-08? I responded to review [1] in draft-09 and tweeked it again in draft-10. Here is Russ’ secdir reveiw of draft-09 where AFAICS he feels the issues in [1] (draft-08) were addressed. https://www.ietf.org/mail-archive/web/secdir/current/msg06746.html > I was left puzzled as to how this > would be useful to readers. But I've no objection if > that's felt to be the case. However, I'd really > encourage the editors/WG/AD to consider that a > number of folks (who are familiar with GSS etc.) have > found this draft pretty unclear. > > [1] > https://www.ietf.org/mail-archive/web/secdir/current/msg06642.html > > - abstract: 1st sentence seems unwieldy - it puzzled me > anyway;-) Here it is: This document presents requirements on the deployment of the NFSv4 protocols for the construction of an NFSv4 file name space in environments with multiple NFSv4 Domains. I don’t get what is puzzling about it. > > - (various places): Would "identifier syntax" not be > better than "identity syntax"? There's no need to > bikeshed on it, but I do prefer the latter a good bit in > case that helps:-) I don’t see an improvement in identity syntax / identifier syntax. I can see dropping ‘identity’ name@domain identity syntax / name@domain syntax > > - 5.3: Would that "must never" in the 2nd last para be > clearer as an RFC2119 "MUST NOT"? (Just checking.) It’s actually ‘must not blindly’. The original intent of that paragraph was to point out that many stand-alone NFSv4 deployments make the NFSv4 domain name the to_lower(REALM) name, insist that the POSIX user name matches the Kerberos principal name, and then map principal@REALM to a POSIX uid by dropping the @REALM and presenting the principal to the ns_switch mapper. This practice will not work in an NFSv4 multi-domain environment, and should not be encouraged. The paragraph has morphed into a form that is of no use. I’ll remove it. > > - 6.1: Are there any cases of domain names that allow > for escaping or have other syntatic features that > involve more than just octet string comparisons to check > domain name equality? I don't think there are, so just > checking. If there were, then you might need to say > something about that somewhere. name@domain parsing issues are dealt with in RFC7530 and RFC5661, and are not unique to an NFSv4 multi-domain deployment. —>Andy > >
- [nfsv4] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Adamson, Andy
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Stephen Farrell