IETF Logo Mail Archive

Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)

David Noveck <davenoveck@gmail.com> Tue, 06 June 2017 00:00 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BED2812E043; Mon, 5 Jun 2017 17:00:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ak4b9U5utO7w; Mon, 5 Jun 2017 17:00:48 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65BA2126BF0; Mon, 5 Jun 2017 17:00:48 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id m47so93146113iti.0; Mon, 05 Jun 2017 17:00:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=mw17iAj/uZKWOapovilIwPliyx8I6QcLBIqAj57odMQ=; b=nMkMvuIwvKpzQmPZcBTEDa+Iwy5AWt48y9bF99y7LLiLv/+bH41iU4ixaNDNzt7WN1 MU9R0+v/ovhZ4BdETJvYgTTFAP3ZfaxXIpREy8PMYNmOGL3I9kTYk+3OHn0VCV9OXYoA RVxC0NTcOQdGgvWOj9iM9nqW9fFD0MkP32EErAi5c/QRdOGDdC6LcyUc3vXuoTaYItYI VjGuZKCED+wlAQrd3TP12Dqf6S3ZTJC3zdBafyMP3ISf8AAC+6uAsMNmaJa9BLboxw57 rFqinZEL4BRafMysKdJT3IUyiy4gtzjaaVpwI4ivhOqK+fOPBvBTn441jpVif96yzyhk xt0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=mw17iAj/uZKWOapovilIwPliyx8I6QcLBIqAj57odMQ=; b=IKbrjdjESfgcv5YDwaxzssPZtDcXxwheh91lO4ClJJ2GZbtgk2FDB/tLwS1KVaQ8wc Uo0dvGxjablzZ74AlPV1p+vftFxdOGNrmjXEpz7uAyv64x3zP7ooRJ7JZgVOduDyATRl MZ75/XBkp7fQBRLKNgN63piTaBZYHp0EU9cLcV2TQTp4SqbJTZKO1gQpoB2+IB3vu/1Y OlDmuPBtrmEtmluS08bKEczhkNgAFziCUYiApwliMTjasbYYZRbif+6Gr8NgKdbdKYeM DIhImcRcJzqoe5yGTBhp6bdfVUHDYXVSqV+oOgrQxYKiqPrb256VYPUE3KUCcRhUKolD DcCw==
X-Gm-Message-State: AODbwcD4eYfQCUKEW3C2vAJEbB6zdZJEXzbn6PMgGEnOm6UKFhXKneE9 lu1UYlKu0b5cGBBL4yf5xzfd1Lk5jhSjGf8=
X-Received: by 10.107.6.69 with SMTP id 66mr21871616iog.163.1496707247655; Mon, 05 Jun 2017 17:00:47 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.4.148 with HTTP; Mon, 5 Jun 2017 17:00:47 -0700 (PDT)
In-Reply-To: <CABcZeBOG1hk_X8Mnip8+VX-iNsjytB4ypnmr94WE=mmXQS=Uaw@mail.gmail.com>
References: <149559305147.28562.14990485255783585477.idtracker@ietfa.amsl.com> <CAKKJt-cHEoBeP++YP-=FWmVTWkoLWLa5OZ=sDYT7kEBrDvvOiw@mail.gmail.com> <CABcZeBPc9U1D+sSOnz2_3MwVn527ruuqqWoCsZYafx_rLwpyAQ@mail.gmail.com> <CAKKJt-dcjiMFk0NyD-UrBQrtKAZgWaVzcxY67YSDOu0ZVNw9Ng@mail.gmail.com> <CAKKJt-ceK3r8=HXArenmNXpt8bk2MuKbkPL-qoNPZMrHHETfJg@mail.gmail.com> <20170525152957.GV10188@localhost> <OFE1A7E856.598CE2A7-ON8825812B.00586825-8825812B.0058FAF1@notes.na.collabserv.com> <20170525182246.GW10188@localhost> <20170605183938.GA831@fieldses.org> <20170605185620.GH2903@localhost> <CADaq8jf8XHGgeuBX8Ai2R-gS_i0abR5QT+TVdb7UeOSeDNUVAA@mail.gmail.com> <CABcZeBOG1hk_X8Mnip8+VX-iNsjytB4ypnmr94WE=mmXQS=Uaw@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
Date: Mon, 05 Jun 2017 20:00:47 -0400
Message-ID: <CADaq8jfN5HUniHkSi1fF6Jsy48o0t6BdMDj=+k_mC+mUJiuuBQ@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Nico Williams <nico@cryptonector.com>, "J. Bruce Fields" <bfields@fieldses.org>, draft-ietf-nfsv4-xattrs@ietf.org, "nfsv4-chairs@ietf.org" <nfsv4-chairs@ietf.org>, NFSv4 <nfsv4@ietf.org>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="001a113edff8d4535405513f4f61"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/r4_qdfJ5RgfbIrMM7cSRYb1lRx8>
Subject: Re: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jun 2017 00:00:51 -0000

>
> > It didn't happen and the document has been approved.
>

> Actually, the document hasn't been approved.

My mistake.  My point to Nico was basically that it is past the point
(or at least should be)  past the point when new objections can
be raised.   I recognize the need to resolve existing objections.

I think Bruce's point is right and the authors could update the security
considerations section to point back to Section 5.

That assumes that nobody takes Nico's advice to reverse this part
of the xattrs design.  System xattrs, at least for now, were rejected
largely because they raised the kind of issues you were concerned
about.


On Mon, Jun 5, 2017 at 4:15 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Mon, Jun 5, 2017 at 9:30 PM, David Noveck <davenoveck@gmail.com> wrote:
>
>> > I see a "system xattrs" extension in NFSv4's future.
>>
>> I don't and a lot of other people don't but if you want to propose one,
>> you can.
>>
>> > You should at least allow for namespace reservations for system xattrs.
>> > I notice you didn't.  Do it now, while you still can!
>>
>> As I understand it, the last chance to make this sort of change without
>> major
>> disruption to the process was when WGLC ended in December 2016.  The
>> review of
>> the document past that point proceeded on the understanding that only
>> user xattrs
>> would be supported and that fact was an important part of the authors'
>> response to
>> some of the security concerns that had been raised during IESG
>> evaluation.
>>
>> > I hope some AD makes that a DISCUSS.
>>
>> It didn't happen and the document has been approved.
>>
>
> Actually, the document hasn't been approved. I'm still holding a discuss
> pending
> resolution of this topic. As I think I made clear in my discuss, I think
> it's fine for
> you to document this issue (or explain why it's not so) but the document
> does
> in fact need to do so.
>
> -Ekr
>
>
>>   I'm not sure exactly what
>> changes are being awaited before the announcement is sent out but I don't
>> expect that
>> a late DISCUSS asking for inclusion of  system xattrs is among them.
>>
>> On Mon, Jun 5, 2017 at 2:56 PM, Nico Williams <nico@cryptonector.com>
>> wrote:
>>
>>> On Mon, Jun 05, 2017 at 02:39:38PM -0400, J. Bruce Fields wrote:
>>> > On Thu, May 25, 2017 at 01:22:47PM -0500, Nico Williams wrote:
>>> > > On Thu, May 25, 2017 at 09:11:53AM -0700, Marc Eshel wrote:
>>> > > > We had a lot of discussions in the WG about the security
>>> implications and
>>> > > > we decided to stay a way of defining different types of xattr.
>>> This is
>>> > > > user only xattr for the applications to use and it should be
>>> handled as an
>>> > > > extension to the data in the file without any meaning for the
>>> protocol. If
>>> > > > it is not clear enough we can fix the text and add a warning.
>>> > >
>>> > > That's fair, but the point is that the security considerations
>>> should be
>>> > > very explicit as to this.  MUST/MUST NOT language is called for.
>>> >
>>> > https://tools.ietf.org/html/draft-ietf-nfsv4-xattrs-05#section-5
>>> >
>>> > "Xattr keys and values MUST NOT be interpreted by the NFS clients and
>>> > servers"
>>> >
>>> > (and the rest of that paragraph).
>>>
>>> I see a "system xattrs" extension in NFSv4's future.
>>>
>>> You should at least allow for namespace reservations for system xattrs.
>>> I notice you didn't.  Do it now, while you still can!
>>>
>>> I hope some AD makes that a DISCUSS.
>>>
>>> If it fell on me to add system attrs later, I might just store them
>>> normal xattrs signed by a "system" key.  That actually may well be the
>>> best way to do it in any case[0], in which case allowing this I-D to
>>> proceed without even a namespace reservation would probably be fine.
>>> However, I think it makes sense to make sure that you're not painting
>>> yourselves into a corner, and that should be done now, not later.
>>>
>>> [0]  I doubt it.  For one, it creates yet another key management problem
>>>      that we should all rather not have.
>>>
>>> Nico
>>> --
>>>
>>> _______________________________________________
>>> nfsv4 mailing list
>>> nfsv4@ietf.org
>>> https://www.ietf.org/mailman/listinfo/nfsv4
>>>
>>
>>
>

v2.23.0 | Report a Bug | By Email