Re: [nfsv4] Agenda items for virtual interim

Rick Macklem <rmacklem@uoguelph.ca> Sat, 16 October 2021 22:34 UTC

From: Rick Macklem <rmacklem@uoguelph.ca>
To: Chuck Lever III <chuck.lever@oracle.com>, David Noveck <davenoveck@gmail.com>
CC: Tom Talpey <tom@talpey.com>, NFSv4 <nfsv4@ietf.org>
Date: Sat, 16 Oct 2021 22:33:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/teRxxVsPG0gk5nmcxdWk03a2QnE>

Chuck Lever III wrote:
>> On Oct 16, 2021, at 9:28 AM, David Noveck <davenoveck@gmail.com> wrote:
>>
>> I'd be interested in hearing from Chuck about his thoughts about addressing use of RPC-with-TLS for NFSv3 and
>> how that might or might not interact with the v4 security work now going on.
>
>I haven't had a chance to read nfsv4-security yet. That is at
>the top of my to-do list.
>
>After that, I think I'd like to huddle with Rick to discuss
>how NFSv3 should work. Once we have something, we can present
>options or discuss it on the mailing list.
Well, for the implementation I did for FreeBSD, it just worked. All the changes were in the kernel
RPC layer used by all versions of NFS.
--> I suppose there is the question of crossing server mount point boundaries, where the
      requirement for RPC-with-TLS changes, but at least for FreeBSD, NFSv3 exports individual
      file systems, so there is no issue.

Having said that, I have done nothing w.r.t. the ancillary protocols (Mount, NLM, NSM). To do
Mount and NSM on FreeBSD, the userland RPC library functions would need to be modified to
support RPC-with-TLS. This wouldn't be hard to do, but might be hard to deploy, since it means
that all RPC programs would need to link to the OpenSSL libraries, and that might not be
acceptable to the FreeBSD collective.

Not sure if support should be required for the ancillary protocols and not sure who would decide?
(Does Oracle claim NFSv3 as theirs or is it just an orphan now?;-)

>In short, I agree this is something that needs to be discussed
>at some point, but I'm not confident I'll be ready by Oct 27.
>I'd prefer to see some discussion on list about this before
>we bring it to a WG meeting.
I'll be interested in hearing what others think? Chuck, if you want to email off-list, that's fine with me,
but I'll admit the above is all I can think of right now.

rick

(Given the limited degree of interactivity available during a
virtual meeting, I'd say we should consider restricting the
agenda to slides plus a couple of executive WG decisions for
each chosen topic, at least until the virtual meeting
technology improves).


> I also want to hear from Tom T about a number of RDMA-related topics:
>       • His "push-mode" work.
>       • Possible approaches to a secure RDMA protocol taking advantage of either TLS or QUIC.

This might not be a popular opinion, but DDP/MPA over QUIC in
my opinion would be a more straightforward option than plumbing
a bespoke authentication protocol into RPC/RDMA. A transport
level approach could also help resolve the authentication issues
that came up last time we considered a pNFS/RDMA layout type.


--
Chuck Lever


