Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-03.txt

bfields@fieldses.org Mon, 29 November 2021 17:01 UTC

Date: Mon, 29 Nov 2021 12:01:28 -0500
To: David Noveck <davenoveck@gmail.com>
Cc: NFSv4 <nfsv4@ietf.org>, nfsv4-chairs <nfsv4-chairs@ietf.org>, nfsv4-ads@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/pbGEGwDvMwknwjsBKsWaK2BRXqc>

Note an xref typo on p. 64.

I'm not up for the effort to pin down mode/ACL interactions:

	- We know that two implementations (Linux and Solaris) already
	  have at least one minor irreconcilable difference.

	- We know nothing about any other implementations.  No other
	  implementors have stepped up to describe their server's
	  behavior.  Nobody's stepped up to test other implementations.
	  I strongly suspect such efforts would find more (and larger)
	  differences.

	- We know of no application that actually depends on these
	  details of how ACLs and mode interact.  I've seen no
	  compelling reason we need this level of detail other than a
	  blanket preference for stricter over looser specification.

	- Pinning this all down and getting consensus on it is a major
	  effort.  I know I've already spent more time on this than I
	  want to.

	- This is a long complicated piece of an already long
	  complicated spec.

I'm fine with minor editorial changes.  Otherwise, if we're going to be
making substantive changes, I'm only interested in removing language.

--b.

On Tue, Nov 23, 2021 at 08:55:04AM -0500, David Noveck wrote:
> This is considerably different from -02 (1400 lines).  Still, a diff
> between -02 and -03 is useful to see where the changes/additions are, if
> you read -02.
> 
> ---------- Forwarded message ---------
> From: <internet-drafts@ietf.org>
> Date: Tue, Nov 23, 2021 at 8:45 AM
> Subject: New Version Notification for draft-dnoveck-nfsv4-security-03.txt
> To: David Noveck <davenoveck@gmail.com>
> 
> 
> 
> A new version of I-D, draft-dnoveck-nfsv4-security-03.txt
> has been successfully submitted by David Noveck and posted to the
> IETF repository.
> 
> Name:           draft-dnoveck-nfsv4-security
> Revision:       03
> Title:          Security for the NFSv4 Protocols
> Document date:  2021-11-23
> Group:          Individual Submission
> Pages:          139
> URL:
> https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.txt
> Status:
> https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/
> Html:
> https://www.ietf.org/archive/id/draft-dnoveck-nfsv4-security-03.html
> Htmlized:
> https://datatracker.ietf.org/doc/html/draft-dnoveck-nfsv4-security
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-dnoveck-nfsv4-security-03
> 
> Abstract:
>    This document describes the core security features of the NFSv4
>    family of protocols, applying to all minor versions.  The discussion
>    includes the use of security features provided by RPC on a per-
>    connection basis.
> 
>    This preliminary version of the document is intended, in large part,
>    to result in working group discussion regarding existing NFSv4
>    security issues and to provide a framework for addressing these
>    issues and obtaining working group consensus regarding necessary
>    changes.
> 
>    When a successor document is eventually published as an RFC, it will
>    supersede the description of security appearing in existing minor
>    version specification documents such as RFC 7530 and RFC 8881.
> 
> 
> 
> 
> The IETF Secretariat
