IETF Logo Mail Archive

Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt

"Everhart, Craig" <Craig.Everhart@netapp.com> Mon, 08 October 2018 15:48 UTC

Return-Path: <Craig.Everhart@netapp.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F692130E25 for <nfsv4@ietfa.amsl.com>; Mon, 8 Oct 2018 08:48:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=netapp.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m4Fbsx9n8XFl for <nfsv4@ietfa.amsl.com>; Mon, 8 Oct 2018 08:48:12 -0700 (PDT)
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0062.outbound.protection.outlook.com [104.47.36.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A90BB130E22 for <nfsv4@ietf.org>; Mon, 8 Oct 2018 08:48:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netapp.onmicrosoft.com; s=selector1-netapp-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tBoAuXettEKVjZSoL74iwAPjXr27yzEcVMZjR3KK1OU=; b=Cv56wz7eGA4VyQXf7qUwT6hd4SMdFiRkM5rWmaU06rc6ghrn8a5PPnBZ4mvAywA6HJcSFRcDuJbtkb5WtdEpl3JI/zvzVeBfqMxwxrh9un9DGy5ur0sJNlI7yTGzAU/so1Dy1F/kD2HVB8wZAmQ6Dyi1yF1SPxO27fMkpuOmq20=
Received: from BN6PR06MB3089.namprd06.prod.outlook.com (10.174.95.163) by BN6PR06MB2851.namprd06.prod.outlook.com (10.175.127.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1207.23; Mon, 8 Oct 2018 15:48:11 +0000
Received: from BN6PR06MB3089.namprd06.prod.outlook.com ([fe80::8935:a8ae:f256:fe6]) by BN6PR06MB3089.namprd06.prod.outlook.com ([fe80::8935:a8ae:f256:fe6%5]) with mapi id 15.20.1207.024; Mon, 8 Oct 2018 15:48:11 +0000
From: "Everhart, Craig" <Craig.Everhart@netapp.com>
To: "nfsv4@ietf.org" <nfsv4@ietf.org>
Thread-Topic: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt
Thread-Index: AQHUXxdeq4VZRMmWm0utjltynZGocaUVO2KA
Date: Mon, 08 Oct 2018 15:48:11 +0000
Message-ID: <23D33FE9-54F9-40CB-AC41-23EC15603E47@netapp.com>
References: <153901060913.16390.8389561648327812120@ietfa.amsl.com>
In-Reply-To: <153901060913.16390.8389561648327812120@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.11.0.180909
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Craig.Everhart@netapp.com;
x-originating-ip: [216.240.30.4]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR06MB2851; 6:kN4OBIMDCIE/3v+J0/HL32eFwxuct/PwtLw+0s4P3UDKnPvUVJ9TeG924qzOb3g3H7k2MV5lPLD+yxD34u1h98mV9lo0FlfH6e3fhE7mM4GRtXA2zI6mJXPi0shkMNP+ZjBNMJGdpObrFO72o8y26Qnli1jAmf32DHnFSPGOKSeRyCrK50SY0x6+gYp4Koc9xUB5z7wzs8oK63pzWXcVyzb92j+F9CGSIMO2DraDNeQBQeySbDDCDCmBvmsGOpq6WgKGP/SX/CNTZnEh8KwrAEk1DAINBg8Uv9dTnYCSw4sliuhOSVHsLuXII/i+ag7W7cf2/ortT7zrxVz/Y8NEKytuf6bgZina45ss/kUplH6k7pKHYZ1nE9HSHuzTz9QzAc0iSTcW/2z/yP8V+4xedBak0KDVkIfjMFo1tFM2x9UoAcp6Zj/yI1pOqef6TxvYLs5L6oDhNMY3KCyMC5fmlQ==; 5:t1PHPk6gFSwNvrJ9Xo9iGFKdmFhKD6HsWgIHyjfufSVo6QKamiEHzJkH3esZCm5+JBrBIvl1cin5xOHLv7YjNlvNdj96ZkHuTVpQo9N9gUyS5aSMKDCk47VxukYyr+l4nFq2Q3lcRFvQvkH2Q0LumN/F3PGw+VXLDWuorIjkbdk=; 7:S3OdE7klUwpyCa76yfRnrPWWZeySAN59sOv1jZ3QlOzfl7p/MGcw8CA4eK3R0/bK27S1ej24SijLT0YrEkgRHWD2ulL3nX/ipYEYnqx85+H142FBtMYNEhZk4UV3HLsIEIYH60Qov/JeqgXSUOsjzOgjor7xyKo+tRQYUiEZmZeWBMh7DHCCbNlVHUbkJq3ifQs/eboYM32xgYykmLOw31TxBIw4ztFEKZ12i6CBr9cFFUdDZqEgTi4gigzbzgru
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 8dc3e431-9a13-4627-eaa2-08d62d35736a
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7193020); SRVR:BN6PR06MB2851;
x-ms-traffictypediagnostic: BN6PR06MB2851:
x-microsoft-antispam-prvs: <BN6PR06MB28519748DEC51AF42B810AD2F0E60@BN6PR06MB2851.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(158342451672863)(120809045254105);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231355)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(6055026)(149066)(150057)(6041310)(20161123560045)(20161123558120)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051); SRVR:BN6PR06MB2851; BCL:0; PCL:0; RULEID:; SRVR:BN6PR06MB2851;
x-forefront-prvs: 081904387B
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(346002)(396003)(136003)(39860400002)(376002)(366004)(189003)(199004)(6246003)(82746002)(966005)(33656002)(36756003)(6916009)(478600001)(72206003)(6506007)(2351001)(99286004)(256004)(76176011)(105586002)(25786009)(106356001)(66066001)(6306002)(5250100002)(102836004)(7736002)(58126008)(6512007)(11346002)(53936002)(446003)(2906002)(186003)(71190400001)(71200400001)(83716004)(81166006)(81156014)(229853002)(68736007)(5640700003)(8936002)(26005)(14454004)(3846002)(5660300001)(6116002)(476003)(2501003)(86362001)(486006)(2616005)(6436002)(6486002)(8676002)(316002)(2900100001)(97736004)(305945005); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR06MB2851; H:BN6PR06MB3089.namprd06.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: netapp.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: hs8tKhu5ear8SipOHGQmvqgW1sd7mfIq12/j/ZmlIv03YrtbBWnRuTcgGpLIHnKGPNSL5WhxePOwtl5p9k9Ijw1ewbWS3Xm89KnVW/9JT/BjJ9MumuGMpohkZjt/qPDYd/KS64OAcXPV3T+nJZLfri9JCfFN6GSkCipEioWje90IFKbHIJrrSj7/35yu8757nZHyZ0RmLxKvBKWNK7oBm3zTwqOJpb8I8o8yCLszVfygJHQssacghl6uoqzfDnJLCvXoSvBlIQWuu8aMY5lCCa/P5ikME5JWce6JeGrrqA0HGjbJ+UFQ2UyrWfBTlvyNzu4lBdybipSqgno0ugQtY9C8i3azVuaiQNBzPlw9sk4=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <17618B3849884247972DBCAF1D215EBF@namprd06.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: netapp.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8dc3e431-9a13-4627-eaa2-08d62d35736a
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Oct 2018 15:48:11.1476 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4b0911a0-929b-4715-944b-c03745165b3a
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR06MB2851
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/t9kBaMofQbe_5snd_3_MGignCv0>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-02.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Oct 2018 15:48:16 -0000

In the "1. Introduction", the opaque provenance information is described as including a "keyed hash, such as an HMAC [RFC2104]" without any indication as to the management of the key information.  Must that information, also, be taken on faith?  What's the basis for this claim?  Is it required for all provenance information, or just for some?

There's an effort made in this draft to distinguish participating/non-participating clients and servers.  Because this draft really talks about only one kind of provenance information, what is to be done with clients or servers that participate in one but not all kinds of provenance information?

Apparently, the updating of file content must be done in conjunction with updating of provenance information.  What can be done to make such operations mutually atomic?  What's to be done with a server that wants to vet provenance information, but notices that the stored provenance information is not correct with respect to the stored file content?  Surely there are other, similar, race-like conditions.

		Craig


On 10/8/18, 10:58 AM, "nfsv4 on behalf of internet-drafts@ietf.org" <nfsv4-bounces@ietf.org on behalf of internet-drafts@ietf.org> wrote:

    A New Internet-Draft is available from the on-line Internet-Drafts directories.
    This draft is a work item of the Network File System Version 4 WG of the IETF.
    
            Title           : File Content Provenance for Network File System version 4
            Author          : Charles Lever
            Filename        : draft-ietf-nfsv4-integrity-measurement-02.txt
            Pages           : 13
            Date            : 2018-10-08
    
    Abstract:
       This document specifies an OPTIONAL extension to NFS version 4 minor
       version 2 that enables file provenance information to be conveyed
       between NFS version 4.2 servers and clients.  File provenance
       information authenticates the creator of a file's content and helps
       guarantee the content's integrity from creation to use.
    
    
    The IETF datatracker status page for this draft is:
    https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
    
    There are also htmlized versions available at:
    https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-02
    https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-02
    
    A diff from the previous version is available at:
    https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-02
    
    
    Please note that it may take a couple of minutes from the time of submission
    until the htmlized version and diff are available at tools.ietf.org.
    
    Internet-Drafts are also available by anonymous FTP at:
    ftp://ftp.ietf.org/internet-drafts/
    
    _______________________________________________
    nfsv4 mailing list
    nfsv4@ietf.org
    https://www.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email