IETF Logo Mail Archive

Re: [nfsv4] 4.0 trunking

David Noveck <davenoveck@gmail.com> Thu, 22 September 2016 23:50 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4312112BDE9 for <nfsv4@ietfa.amsl.com>; Thu, 22 Sep 2016 16:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PsbeDoG7smYP for <nfsv4@ietfa.amsl.com>; Thu, 22 Sep 2016 16:50:49 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C0F412BFF3 for <nfsv4@ietf.org>; Thu, 22 Sep 2016 16:50:46 -0700 (PDT)
Received: by mail-oi0-x229.google.com with SMTP id r126so116649835oib.0 for <nfsv4@ietf.org>; Thu, 22 Sep 2016 16:50:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Jcsyvp3kVoivuwalCNgU1RQ3H/3lQhIvHQtWm9qh0sM=; b=HDZwXCWkWcAVjwX2g6unOjih4HN9hbkzXLmeNtUkfqaqzhv2AKmXOM/a85tVeL6UOD TJPgVZAzBlwRIlsF4MEvXnJ7vUcZGouboVrwNwwrgs01FaOIZJMebh4f9/YHJOYAvTiY l0wm4CyyqfrBbTWeSkn3Vkj6MHols0T0nRCu3TkULr8qw+tar0NwmxH5o28Mw+mYSROI wPx1rjDfW2seTVDSdyU/85GUXHMkWWJAFvju3UTeEStTW3ssd9IBOxjjWTEY+rshNDkW xW+Y6hlJaJ4an1Mf/gsnmJCyItDJ+T1W6PkHuCKqvoT4cuPsrV0IEJLjHxwYZcudIF6Z jgrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Jcsyvp3kVoivuwalCNgU1RQ3H/3lQhIvHQtWm9qh0sM=; b=XJ86YpE41mi3cddNxC4Hp2eu1aGyTZVyf2+dJGAkAJ0Dhb3FQzWmoFzTIF5bxjmSUh 1wMelO560zA4owclecNRSo35DHDcFalzY9H5Vp/d0ngEA9FW9yMN8Q/6X1N2URuPkkia 2g/+xyYeZhWVT62O1/95Be/XIcdy7KgiyXqdVTVRT5PyG+4Ttyu1dH4KepaTcD5+Z3s5 uXs847lJx7kq42Bxrj9ho3ocIG1Zt3b0smK1d/1Y01fc6/EUtjpLn/AoYBW+6XUJ7dNd hYrE11mSfyd8gmSIPgpG+iMOv+oo/8JcQvcqcvjRbQ1yB6ohxYJeW+3yNlpJo+UaJ+zF UxzQ==
X-Gm-Message-State: AE9vXwN1QkVzKy7Tx4NSP6j4x2ZiV4KnkOKQBWcLvWFwc8in4QMAdh0uj+gjp5jub2hE6dtrmKQXPQWeeRVMuw==
X-Received: by 10.202.183.4 with SMTP id h4mr6060388oif.111.1474588245530; Thu, 22 Sep 2016 16:50:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.192.10 with HTTP; Thu, 22 Sep 2016 16:50:44 -0700 (PDT)
In-Reply-To: <20160922160445.GD30401@fieldses.org>
References: <BBB2EBDC-6F05-44C1-B45A-C84C24A9AD7F@netapp.com> <20160920213931.GC12789@fieldses.org> <CADaq8jeqr9WPeBeV0ruxwy+5omfgHhJFjAR=tCGL3N-Yjt0PuQ@mail.gmail.com> <20160921024531.GA17232@fieldses.org> <CADaq8jdUJG7zBwn7f2xtLO3gf4nvwjM2H00E6N2oTGP2b9Nzww@mail.gmail.com> <20160921141409.GA20963@fieldses.org> <20160921195339.GC24084@fieldses.org> <CADaq8jfHUr_A=90UTPG7M5+7to3bM1DiYc6sAyYWYOXQTGeTiA@mail.gmail.com> <20160922125145.GA30013@fieldses.org> <CADaq8jdW4NwFV-Lf8fjjcq48Xc+ZJnc-Gn+bOwqXLm6zH9AOUw@mail.gmail.com> <20160922160445.GD30401@fieldses.org>
From: David Noveck <davenoveck@gmail.com>
Date: Thu, 22 Sep 2016 19:50:44 -0400
Message-ID: <CADaq8jc3A6BCcT=J+f19QcY5nyMbqHwCbANc15V0Lr4MdeeSDQ@mail.gmail.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Content-Type: multipart/alternative; boundary="001a113ce0bc90a621053d2154e0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/rhroOS_emQuM_-LdLnNNmxT1eLA>
Cc: "Adamson, Andy" <William.Adamson@netapp.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] 4.0 trunking
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Sep 2016 23:50:51 -0000

> I'll stick a variation on the shorthands I've been using but I
> beleive I'm following section 5.8 otherwise:

> 1. A previous SETCLIENTID to X1 returned (clientid, verifier)
> (C, V1).
> It was confirmed and kept renewed since.
>
> 2. A new SETCLIENTID to X2 returns (C, V2).
>
> 3. Confirm it with a SETCLIENTID_CONFIRM(C, V2) to X2.
>
> 4. Send a callback-updating SETCLIENTID(C) to X1, which
> returns (C, V1').
>
> 5. Send a SETCLIENTID_CONFIRM(C, V1') to X2.
>
> Then consider X1 and X2 the same server iff 5 succeeds.

> This can incorrectly identify X1 and X2 as the same if V1'
> happens to equal V2.

So section 5.8 is incorrect in telling you to do that.  Point taken.  Later
we'll discuss what to do instead.

> In that case X2 will see the SETCLIENTID_CONFIRM as a
> replay of the one in step 3.

True.

>The RFC is aware of the possibility but expects it to be rare
> because clientids and confirm verifiers are both 64-bit values,
> and if they were each chosen uniformly at random from that
> space, the chance of both colliding would be insignificant.

I don't know if I was assuming uniform random choice.  in any case, I
grossly underestimated the probability of collision.

> In practice they may be chosen in a predictable fashion from a
> limited part of the 64-bit space.  And the birthday paradox
> compounds this problem in the presence of multiple servers.

So now we want to look at how to correct the problem.  The last sentence of
that paragraph says "Note also that the callback update procedure can be
repeated multiple times to reduce the probability of further spurious
matches".   Given what we've seen about the probability of single
collisions, it might seem not worth doing additional iterations.  However,
if we continue your scenario, I think the probability of a false positive
can be reduced to exactly zero by doing just one more
SETCLIENTID/SETCLIENTID_CONFIRM
pair.

So now assume that after step 5, we assume X1 and X2 are distinct if the
operation fails.  However, if it succeeds, we do the following:

6. Send yet another callback-updating SETCLIENTID(C) to X1, which returns
(C, V1'').

Note that V1' != V1''

7. Send a SETCLIENTID_CONFIRM(C, V1'') to X2.

If this operation fails, we conclude that X1 and X2 are distinct and that
step 5 succeeded because V1' = v2.

If this operation succeeds, I believe we are justified in assuming that X1
and X2 are the same.  Suppose they are distinct.  In this case, step 7 can
only succeed if X2 received a SETCLIENTID returning C and V1''.  The only
SETCLIENTID X2 received that returned C had the verifier V2.  And V2 cannot
equal V1'', since, for us to be in this case V2 = V1' and V1 != V1''.

On Thu, Sep 22, 2016 at 12:04 PM, J. Bruce Fields <bfields@fieldses.org>
wrote:

> On Thu, Sep 22, 2016 at 10:46:35AM -0400, David Noveck wrote:
> > > > As it now appears that the Linux client had
> > > > implemented something different than that, the correctness of > > the
> > algorithm
> > > > in section 5.8 has to be considered an open question.
> >
> > > It has the same problem;
> >
> > Please explain what the problem is.  If we don't agree on what the
> problem
> > is, it is hard to come up with a solution.
>
> OK, my attempt, from scratch:
>
> > One way to do this would be to give a case where a
> > client implementing section 5.8 might interact with two servers and could
> > arrive at the wrong result, assuming the servers meet the requirements of
> > RFC7530, which are, as you pointed out, considerably weaker than those in
> > the VS paragraph in section 5.8.
>
> I'll stick a variation on the shorthands I've been using but I beleive
> I'm following section 5.8 otherwise:
>
> 1. A previous SETCLIENTID to X1 returned (clientid, verifier) (C, V1).
> It was confirmed and kept renewed since.
>
> 2. A new SETCLIENTID to X2 returns (C, V2).
>
> 3. Confirm it with a SETCLIENTID_CONFIRM(C, V2) to X2.
>
> 4. Send a callback-updating SETCLIENTID(C) to X1, which returns (C, V1').
>
> 5. Send a SETCLIENTID_CONFIRM(C, V1') to X2.
>
> Then consider X1 and X2 the same server iff 5 succeeds.
>
> This can incorrectly identify X1 and X2 as the same if V1' happens to
> equal V2.  In that case X2 will see the SETCLIENTID_CONFIRM as a replay
> of the one in step 3.
>
> The RFC is aware of the possibility but expects it to be rare because
> clientids and confirm verifiers are both 64-bit values, and if they were
> each chosen uniformly at random from that space, the chance of both
> colliding would be insignificant.
>
> In practice they may be chosen in a predictable fashion from a limited
> part of the 64-bit space.  And the birthday paradox compounds this
> problem in the presence of multiple servers.
>
> Do we agree on the problem?
>
> --b.
>

v2.23.0 | Report a Bug | By Email