Re: [nfsv4] Potential erratta for RFC7931
David Noveck <davenoveck@gmail.com> Wed, 05 October 2016 20:11 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 409EB128B37 for <nfsv4@ietfa.amsl.com>; Wed, 5 Oct 2016 13:11:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R-1ruXPq8tek for <nfsv4@ietfa.amsl.com>; Wed, 5 Oct 2016 13:11:04 -0700 (PDT)
Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A750129889 for <nfsv4@ietf.org>; Wed, 5 Oct 2016 13:11:00 -0700 (PDT)
Received: by mail-oi0-x22c.google.com with SMTP id d132so84462962oib.2 for <nfsv4@ietf.org>; Wed, 05 Oct 2016 13:11:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xh96nNWLzBrTsVXiXH6AjKbyKpyDtHzmK8Tp1QUhukI=; b=yiUU/AcATIasBuFqP7TeLbMRo4vOjFct/RetejbsikD48r3EawvPr2R9rVjrjhY98l mv+U79c+gKYbMQDKpnXxKteFxs0nR/87AhQgQlyiuyw6Cd4M2EOO7o70ioRlstxDVZxi ZDl1idASMEm5L04/Vi7hL7Rwcl+Gi8Z6FIyPaV6pHDmL7HPc/CK80TuvzWeExCdr5sC1 CFBqfyVzQtZZbs4fo6ubeiIW3UIYECx/QB7aHy0ze1M8i2vF/cJ8yAt8ucRw45fPGOG9 JkxxjSeht3gNgmCTNePk0TEpdAVbPqL/XdbcSwf5T0fy8PUR7f/gRALB4oLDTLrApSIp S1pQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xh96nNWLzBrTsVXiXH6AjKbyKpyDtHzmK8Tp1QUhukI=; b=hTCCpFFy4WAtHQxDOFbkNRIaCk23FYl9GVbaHtbIVV8r2GuwCg17xWM9bVkMSwAI3h 562iBo+eOxqj9ebxaSwt3cxI+DYxiMyNMenZuk/QXEiSPBwEGDQ2rW2BPZRUAT2utqfW CluIWXP2ypa2GW6YYrGlsUGIeU9LsJ0bxyuaWlvnMIMbNb1IyE7p6cu/D0823iQzPaKh ARTEDhBVkIxS4gDpZsKCsfEO1AApqnAdj0J3l2oOuBMA/Tyqbxf2A2b+soC0yztwyb5/ OersYBjZDY+/k0tZ0Uf216rjO2LTO61Ks8tNVajTDP0Py6JUWQira7rUYieSMfZ8SqoH nhLg==
X-Gm-Message-State: AA6/9RkxEEqclSVBTlovWZU57xAQsFvcJmwcSphuFZDa8D1EBsFh1AwMuHu0Q5MXJX6MryjTuuvm2wgoya4J1Q==
X-Received: by 10.157.25.170 with SMTP id k39mr6529239otk.231.1475698259822; Wed, 05 Oct 2016 13:10:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.107.77 with HTTP; Wed, 5 Oct 2016 13:10:59 -0700 (PDT)
In-Reply-To: <20161004181822.GB15057@fieldses.org>
References: <CADaq8jdc+5oLkvaxNkpxm65gH_X8+fGarZLAsq-bgGrUxSYC3A@mail.gmail.com> <20161003151158.GE3324@fieldses.org> <CADaq8jfDdy8CnDGdisq+CwdXYgaUbSOCri2q7KOxo-bCzmC7wQ@mail.gmail.com> <20161004181822.GB15057@fieldses.org>
From: David Noveck <davenoveck@gmail.com>
Date: Wed, 05 Oct 2016 16:10:59 -0400
Message-ID: <CADaq8jcjs3K8f+3gxuL_c-WTvPxjXpO5ZO7DFy_+QeoYGuEBrQ@mail.gmail.com>
To: Bruce Fields <bfields@fieldses.org>
Content-Type: multipart/alternative; boundary="94eb2c09b3b6929266053e23c620"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/uUAWsXn4hl7WxV-u3ZuObQtmT34>
Cc: Bill Baker <bill.baker@oracle.com>, "nfsv4@ietf.org" <nfsv4@ietf.org>
Subject: Re: [nfsv4] Potential erratta for RFC7931
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 20:11:06 -0000
> Sounds good, I'd just delete "at least once" in the above. I will do that change. Since you can't repeat something less than once, the change cleans things up while leaving the meaning the same. "the SETCLIENTID procedure mentioned above needs to be repeated at least once" --> "the SETCLIENTID procedure mentioned above needs to be repeated" On Tue, Oct 4, 2016 at 2:18 PM, Bruce Fields <bfields@fieldses.org> wrote: > On Mon, Oct 03, 2016 at 07:21:18PM -0400, David Noveck wrote: > > > Nit: I believe your argument was that one repeat was sufficient. > If > that's > > the case, let's say that. > > > > Good point. See the replacement paragraph below > > > > > And the bottom of p. 24 also needs an update: "Note also that > > > the callback update procedure can be repeated multiple times > > > to reduce the probability of further spurious matches." > > > > That's already within the replaced paragraph. > > Gah, sorry. > > > The new proposed replacement paragraph is as follows: > > > > Although the NFSv4.0 specification requires the server to make sure that > > such verifiers are very unlikely to be regenerated, different servers may > > use the same approach to the construction of such verifiers, raising the > > probability that two distinct servers might inadvertently assign the same > > verifier value. The fact that the servers in question have assigned the > > same clientid4 may raise this probability. In order to guard against the > > possibility that such assignments might cause two distinct > > > > servers to be incorrectly considered the same, the SETCLIENTID procedure > > mentioned above needs to be repeated at least once. Repeating the > > procedure once is > > sufficient to ensure that the successive confirm values SCn, SCn' > > generated by these repeated SETCLIENTID operations cannot all collide > with > > a verifier previously received by the client when communicating with IPn. > > Sounds good, I'd just delete "at least once" in the above. > > I mean, it's technically accurate, but it leaves me wondering why you're > suggesting that I might want to do this more times. > > --b. > > > > > > > On Mon, Oct 3, 2016 at 11:11 AM, Bruce Fields <bfields@fieldses.org> > wrote: > > > > > On Sat, Oct 01, 2016 at 09:02:52AM -0400, David Noveck wrote: > > > > Although the NFSv4.0 specification requires the server to make sure > that > > > > such verifiers are very unlikely to be regenerated, different > servers may > > > > use the same approach to the construction of such verifiers, raising > the > > > > probability that two distinct servers might inadvertently assign the > same > > > > verifier value. The fact that the servers in question have assigned > the > > > > same clientid4 may raise this probability. In order to guard > against the > > > > possibility that such assignments might cause two distinct > > > > > > > > servers to be incorrectly considered the same, the SETCLIENTID > procedure > > > > mentioned above needs to be repeated at least once. > > > > > > Nit: I believe your argument was that one repeat was sufficient. If > > > that's the case, let's say that. > > > > > > And the bottom of p. 24 also needs an update: "Note also that the > > > callback update procedure can be repeated multiple times to reduce the > > > probability of further spurious matches." > > > > > > I'd update it to something like: "The callback update procedure must > > > then be repeated one more time". > > > > > > > This will ensure that > > > > the sucessive confirm values SCn, SCn'. SCn'' generated by these > repeated > > > > SETCLIENTID operations cannot all collide with a verifier previously > > > > received by the client when communicating with IPn. > > > > > > > > Comments? > > > > > > I think that's correct, and it's a minimal change, and therefore maybe > > > it's the right thing for errata. > > > > > > It bugs me that the only client I've looked at does something different > > > and much simpler. > > > > > > After receiving the SETCLIENTID with a clientid matching an established > > > one, the modified RFC7931 requires, if I have it right: > > > > > > 1. SETCLIENTID_CONFIRM to the new server. > > > 2. SETCLIENTID to the old server. > > > 3. SETCLIENTID_CONFIRM to the new server. And with this fix: > > > 4. SETCLIENTID to the old server. > > > 5. SETCLIENTID_CONFIRM to the new server. > > > > > > Whereas the Linux client needs only: > > > > > > 1. SETCLIENTID_CONFIRM to the old server. > > > > > > And that works just as well. (The existing Linux client has the same > > > bug, but that is fixed with just a single if statement and no more > > > round trips.) > > > > > > So at some point I'd hope we can document this, as 1) it's actually > > > being used by a major client so people need to know about it, 2) it's > > > easier to implement and analyze. > > > > > > --b. > > > >
- [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 Chuck Lever
- Re: [nfsv4] Potential erratta for RFC7931 J. Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields
- Re: [nfsv4] Potential erratta for RFC7931 David Noveck
- Re: [nfsv4] Potential erratta for RFC7931 Bruce Fields