Re: [nfsv4] Fwd: New Version Notification for draft-haynes-nfsv4-flex-filesv2-00.txt

Benjamin Kaduk <kaduk@mit.edu> Mon, 28 August 2017 19:45 UTC

Date: Mon, 28 Aug 2017 14:45:18 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Olga Kornievskaia <aglo@citi.umich.edu>, "nfsv4@ietf.org" <nfsv4@ietf.org>, Thomas Haynes <loghyr@primarydata.com>
Message-ID: <20170828194518.GI96685@kduck.kaduk.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/p2VTtutB4cLo5111Rsuknp7X5Tw>

On Mon, Aug 28, 2017 at 01:58:05PM -0400, J. Bruce Fields wrote:
> 
> The Linux server's gss processing is done in ignorance of any protocol
> below that layer, and I can't think of a reason why we wouldn't accept a
> gss context from a different IP address.
> 
> The split between kernel and rpc.gssd means that the Linux client always
> does context initialization over a different connection from normal data
> exchanges, so we can be pretty sure servers deal with that at least.

Thanks for the details.

> But I guess that wouldn't prevent other servers from binding the context
> to a particular connection or IP address after that.  I don't think the
> specs say anything either way.

It's really something that would be specified at the (GSS) mechanism
layer, I think.  And Kerberos has generally moved away from address
restrictions since they fail in the presence of (e.g., residential) NAT.

-Ben