Re: [nfsv4] questions w.r.t RPC-over-TLS draft

Rick Macklem <rmacklem@uoguelph.ca> Mon, 20 January 2020 02:26 UTC

From: Rick Macklem <rmacklem@uoguelph.ca>
To: "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: questions w.r.t RPC-over-TLS draft
Thread-Index: AQHVzye+eTXe64dubES650eWV4dxj6fy0ZSP
Date: Mon, 20 Jan 2020 02:26:09 +0000
Message-ID: <YQBPR0101MB14276B35663CFEE540988EB1DD320@YQBPR0101MB1427.CANPRD01.PROD.OUTLOOK.COM>
References: <YQBPR0101MB142761C64D6A842CB99EADC0DD320@YQBPR0101MB1427.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <YQBPR0101MB142761C64D6A842CB99EADC0DD320@YQBPR0101MB1427.CANPRD01.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/q6MkpaTOqn1SwiDH9yXJOvAB9Ps>
Subject: Re: [nfsv4] questions w.r.t RPC-over-TLS draft

I wrote:
>Hi,
>
>I've started implementing RPC-over-TLS for NFS and have run into a couple
>of questions related to the draft (#4, I haven't downloaded #5).
>
>1 - Given this description...
>   The flavor value of the verifier received in the reply message from
>   the server MUST be AUTH_NONE.  The bytes of the verifier's string
>   encode the fixed ASCII characters "STARTTLS".
>
>Is the verifier coded as:
>A:   verifier length: 8
>      bytes STARTTLS
>OR
>B:   verifier length: 12
>      string length: 8
>      bytes STARTTLS
>
>i.e. Is there supposed to be a string length as coded by xdr_string() in the
>verifier? (It is the words "verifier's string" in the above that I find confusing.)
>
>Then there is this sentence...
>   AUTH_ERROR.  If the client sends a STARTTLS after it has sent other
>   non-encrypted RPC traffic or after a TLS session has already been
>   negotiated, the server MUST silently discard it.
>
>Does "other non-encrypted RPC traffic" refer specifically to traffic between
>the NULL RPC with AUTH_TLS and the STARTTLS, or does it refer to non-NULL RPC
>traffic, or??
I am also confused about what "sends a STARTTLS" actually means.
(I'll admit I know nothing about TLS and can only find STARTTLS mentioned w.r.t.
 an SMTP email command.)

Does this mean that the 8 bytes STARTTLS go on the wire immediately after
a NULL RPC with AUTH_TLS, or does it mean the 8 bytes STARTTLS go in a
TCP RPC message (an 8-byte message as indicated by the RPC over TCP record
mark, which would normally be too small), or does "sends a STARTTLS" just mean
that the TLS handshake should come immediately after the NULL RPC with AUTH_TLS?

Thanks for any clarification of this, rick


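The two candidate verifier layouts in the message above (A: an 8-byte opaque body holding "STARTTLS"; B: a 12-byte opaque body holding an xdr_string of "STARTTLS") can be laid out byte-for-byte to make the question concrete. The following is an added example written for this archive page; it is not code from the draft, from FreeBSD or from any other implementation. It follows the RFC 5531 message layout for the NULL call and its accepted reply, and assumes AUTH_TLS = 7 (the flavor number in the IANA registry entry of the published RPC-over-TLS RFC; the draft revision discussed here may have differed). The classifier shows what a client-side check looks like: it only reports "A" or "B" when the reply's verifier matches one of the two layouts exactly, and treats anything else as "the server did not offer TLS", so that a client never proceeds to a handshake on a guess.

```python
"""Added example: XDR wire layouts for the RPC-over-TLS NULL/AUTH_TLS probe.

Not code from the draft or from any implementation. AUTH_TLS = 7 is assumed
(the IANA-registered value in the published RFC); everything else follows
RFC 5531 (ONC RPC) and RFC 4506 (XDR).
"""
import struct

# RFC 5531 constants
CALL, REPLY = 0, 1
MSG_ACCEPTED, SUCCESS = 0, 0
AUTH_NONE = 0
AUTH_TLS = 7            # assumption: IANA flavor number for the AUTH_TLS probe
NFS_PROGRAM, NFS_V4 = 100003, 4
MAX_AUTH_BYTES = 400    # RFC 5531 cap on an opaque_auth body
STARTTLS = b"STARTTLS"


def xdr_u32(v: int) -> bytes:
    return struct.pack(">I", v)


def xdr_opaque(data: bytes) -> bytes:
    """Variable-length opaque: 4-byte length, bytes, zero pad to a 4-byte boundary.
    xdr_string() produces exactly the same bytes, which is why layout B nests a
    second length prefix inside the verifier body."""
    return xdr_u32(len(data)) + data + b"\0" * ((-len(data)) % 4)


def opaque_auth(flavor: int, body: bytes) -> bytes:
    """RFC 5531 opaque_auth: flavor followed by an opaque body."""
    return xdr_u32(flavor) + xdr_opaque(body)


def null_call_auth_tls(xid: int) -> bytes:
    """NULL procedure call carrying an AUTH_TLS credential with an empty body
    and an AUTH_NONE verifier (40 bytes on the wire, before the TCP record mark)."""
    return b"".join([
        xdr_u32(xid), xdr_u32(CALL), xdr_u32(2),          # xid, msg_type, rpcvers
        xdr_u32(NFS_PROGRAM), xdr_u32(NFS_V4), xdr_u32(0),  # prog, vers, proc = NULL
        opaque_auth(AUTH_TLS, b""),                        # credential
        opaque_auth(AUTH_NONE, b""),                       # verifier
    ])


def starttls_reply(xid: int, layout: str) -> bytes:
    """Accepted NULL reply whose AUTH_NONE verifier carries STARTTLS in layout
    'A' (8-byte body: the raw characters) or 'B' (12-byte body: an xdr_string)."""
    body = STARTTLS if layout == "A" else xdr_opaque(STARTTLS)
    return b"".join([
        xdr_u32(xid), xdr_u32(REPLY), xdr_u32(MSG_ACCEPTED),
        opaque_auth(AUTH_NONE, body),
        xdr_u32(SUCCESS),                                  # accept_stat
    ])


def parse_opaque_auth(buf: bytes, off: int):
    """Decode an opaque_auth at offset off; return (flavor, body, next_offset).
    Rejects bodies over MAX_AUTH_BYTES and truncated buffers instead of reading
    past the end."""
    flavor, n = struct.unpack_from(">II", buf, off)
    if n > MAX_AUTH_BYTES:
        raise ValueError("opaque_auth body exceeds MAX_AUTH_BYTES")
    padded = n + (-n) % 4
    end = off + 8 + padded
    if end > len(buf):
        raise ValueError("truncated opaque_auth")
    return flavor, buf[off + 8:off + 8 + n], end


def classify_reply_verifier(reply: bytes, xid: int) -> str:
    """Return 'A' or 'B' when the accepted reply's verifier is AUTH_NONE and its
    body is exactly one of the two STARTTLS layouts; 'none' otherwise. A client
    should only begin the TLS handshake on 'A'/'B', never on a partial match."""
    rxid, mtype, stat = struct.unpack_from(">III", reply, 0)
    if rxid != xid or mtype != REPLY or stat != MSG_ACCEPTED:
        return "none"
    flavor, body, end = parse_opaque_auth(reply, 12)
    if flavor != AUTH_NONE or struct.unpack_from(">I", reply, end)[0] != SUCCESS:
        return "none"
    if body == STARTTLS:
        return "A"
    if body == xdr_opaque(STARTTLS):
        return "B"
    return "none"


if __name__ == "__main__":
    for layout in ("A", "B"):
        r = starttls_reply(0x1234, layout)
        print(layout, len(r), r[12:].hex(), classify_reply_verifier(r, 0x1234))
```

Running the block prints the verifier-plus-accept_stat tail of each reply in hex, which makes the difference visible: layout A has a length word of 8 directly followed by the characters, layout B has a length word of 12 followed by a second length word of 8. The classifier deliberately compares the whole body rather than searching for the substring, so a verifier that merely contains "STARTTLS" somewhere is not accepted.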
_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www.ietf.org/mailman/listinfo/nfsv4