Re: [nfsv4] Stephen Farrell's No Objection on draft-ietf-nfsv4-minorversion2-40: (with COMMENT)

[Stephen Farrell <stephen.farrell@cs.tcd.ie>]

Hi Ben,

On 23/01/16 18:08, Benjamin Kaduk wrote:
> On Sat, 23 Jan 2016, Stephen Farrell wrote:
> 
>>
>>>> - 4.10: thanks for providing all that!
>>>>
>>>> - 4.10: possibly dumb question: does this (or NFSv4) support
>>>> what a user would perceive as an encrypting file system
>>>> where the keys are held-by/derived from something on the
>>>> user's machine? If so, and if the two servers involved use
>>>> keys known at the user's machine and not by the NFS
>>>> infrastructure then I'm not sure how this can work. IOW, if
>>>> there's a decryption and then a re-encryption required in a
>>>> server-server copy and if that needs any keying material
>>>> from the client then could that ever work? Note that I'm not
>>>> talking about securing the file during the server-server
>>>> copy but de-crypting before sending and then re-encrypting
>>>> before storing.
>>>
>>> Petty sure that Kerberos provides for this.
>>
>> Really? I'd be surprised. That probably means I didn't ask
>> the question well though:-)
>>
>> Does NFS have any support for an encrypted file system such
>> that the long term keys protecting those files can be stored
>> e.g. on a usb dongle that the user keeps?
>>
>> If so, then I doubt server-server copy can work in such cases
>> and that probably would need to be documented. If not, then...
>> not:-)
> 
> I don't know that there is much that has been said about a ~"client-side
> encrypted network filesystem", i.e., it is not really clear that NFSv4
> supports such a scheme at all.  In particular, the scheme would need to
> specify whether the encryption key depends only on the client/user or also
> on the remote server holding the encrypted data; in the latter case,
> decryption/re-encryption would be needed, and I don't think the NFSv4
> server-to-server copy scheme makes a provision for passing around such key
> material.

Right. If one were doing such an encrypted filesystem then I think
making the crypto in some way server dependent would be needed or
else the client might be vulnerable to being given /etc/passwd from
host A when it thinks it's getting it from host B.

> 
> In short, assuming that I am understanding the question correctly (an
> encrypted filesystem built on top of NFSv4 where the data encryption is
> done on the NFS client), I don't think Kerberos magically makes this work.

Agreed.

> 
> I don't know whether enough people are (interested in) doing this sort of
> thing to make it worth adding a note that server-side copy is potentially
> incompatible with it.

And that's also a fine answer if it's in fact the case. (Hence my
"possibly dumb question" opener:-)

S.

> 
> -Ben
>