Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-minorversion2-40: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 24 January 2016 11:13 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD1C61B2E7F; Sun, 24 Jan 2016 03:13:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id soRkRi66wKe6; Sun, 24 Jan 2016 03:13:57 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95E6A1B2E7E; Sun, 24 Jan 2016 03:13:57 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 23B66BE49; Sun, 24 Jan 2016 11:13:55 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hqdXji-qguA; Sun, 24 Jan 2016 11:13:54 +0000 (GMT)
Received: from [10.87.48.91] (unknown [86.46.16.108]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A8DC0BE3E; Sun, 24 Jan 2016 11:13:52 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1453634033; bh=lhecPvNO7UD2QybksYYAtnaJiyaUkaUFpiq4lFbVUHE=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=WIfihYDV9PWttCaFFcAPDtc6Z6MDMsL7ggVbVSZdIuU2C3jZmly1xfHwafUtRNZ3D hbL3m5DJpvaR5uAdYHaAjg3kC8b6hu2ZCmTmCusqVD+MEJfVe9EvHADfWEsimJIHss r7JPgdnA/5xwE21NH/TNOMcvyyVK5atDWGvfaUwU=
To: Benjamin Kaduk <kaduk@MIT.EDU>
References: <20160121141530.8170.25186.idtracker@ietfa.amsl.com> <166532A7-FDCC-4021-8314-8CCD2DB36703@primarydata.com> <56A397CB.7060606@cs.tcd.ie> <alpine.GSO.1.10.1601231258390.26829@multics.mit.edu>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56A4B1EF.80009@cs.tcd.ie>
Date: Sun, 24 Jan 2016 11:13:51 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <alpine.GSO.1.10.1601231258390.26829@multics.mit.edu>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/tNor5t2K-2QY6BaLXBZenuzzWnU>
Cc: draft-ietf-nfsv4-minorversion2@ietf.org, nfsv4-chairs@ietf.org, nfsv4@ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-minorversion2-40: (with COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Jan 2016 11:13:59 -0000
Hi Ben, On 23/01/16 18:08, Benjamin Kaduk wrote: > On Sat, 23 Jan 2016, Stephen Farrell wrote: > >> >>>> - 4.10: thanks for providing all that! >>>> >>>> - 4.10: possibly dumb question: does this (or NFSv4) support >>>> what a user would perceive as an encrypting file system >>>> where the keys are held-by/derived from something on the >>>> user's machine? If so, and if the two servers involved use >>>> keys known at the user's machine and not by the NFS >>>> infrastructure then I'm not sure how this can work. IOW, if >>>> there's a decryption and then a re-encryption required in a >>>> server-server copy and if that needs any keying material >>>> from the client then could that ever work? Note that I'm not >>>> talking about securing the file during the server-server >>>> copy but de-crypting before sending and then re-encrypting >>>> before storing. >>> >>> Petty sure that Kerberos provides for this. >> >> Really? I'd be surprised. That probably means I didn't ask >> the question well though:-) >> >> Does NFS have any support for an encrypted file system such >> that the long term keys protecting those files can be stored >> e.g. on a usb dongle that the user keeps? >> >> If so, then I doubt server-server copy can work in such cases >> and that probably would need to be documented. If not, then... >> not:-) > > I don't know that there is much that has been said about a ~"client-side > encrypted network filesystem", i.e., it is not really clear that NFSv4 > supports such a scheme at all. In particular, the scheme would need to > specify whether the encryption key depends only on the client/user or also > on the remote server holding the encrypted data; in the latter case, > decryption/re-encryption would be needed, and I don't think the NFSv4 > server-to-server copy scheme makes a provision for passing around such key > material. Right. If one were doing such an encrypted filesystem then I think making the crypto in some way server dependent would be needed or else the client might be vulnerable to being given /etc/passwd from host A when it thinks it's getting it from host B. > > In short, assuming that I am understanding the question correctly (an > encrypted filesystem built on top of NFSv4 where the data encryption is > done on the NFS client), I don't think Kerberos magically makes this work. Agreed. > > I don't know whether enough people are (interested in) doing this sort of > thing to make it worth adding a note that server-side copy is potentially > incompatible with it. And that's also a fine answer if it's in fact the case. (Hence my "possibly dumb question" opener:-) S. > > -Ben >
- [nfsv4] Stephen Farrell's No Objection on draft-i… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Tom Haynes
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Chuck Lever
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Benjamin Kaduk
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Stephen Farrell
- Re: [nfsv4] Stephen Farrell's No Objection on dra… Tom Haynes