IETF Logo Mail Archive

Re: [nfsv4] Comments on minutes of wg meeting at IETF114

Chuck Lever III <chuck.lever@oracle.com> Tue, 04 October 2022 16:58 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B0146C1522CF for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2022 09:58:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.805
X-Spam-Level:
X-Spam-Status: No, score=-2.805 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com header.b=kpofUjQG; dkim=pass (1024-bit key) header.d=oracle.onmicrosoft.com header.b=EWO79sTs
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSXZcdWvuTsw for <nfsv4@ietfa.amsl.com>; Tue, 4 Oct 2022 09:58:43 -0700 (PDT)
Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68009C1522DB for <nfsv4@ietf.org>; Tue, 4 Oct 2022 09:58:36 -0700 (PDT)
Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 294FxMeA017805 for <nfsv4@ietf.org>; Tue, 4 Oct 2022 16:58:35 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=corp-2022-7-12; bh=yIp7rqREGqr0mz7PQfVXdg61yt4dvfbUbB3sBiE5MTw=; b=kpofUjQGvuVIgbwinehDtjfUqo6cAZN4Dus37BKYLJpqBIAuAjn3mdfbRO0CoIvqT7yP a+1KXJPMNC+1uskNsr9mh1EAaBgzzUKolZv6ihTAN6b6GYHr0bQL0BlL7d3vBlrY3Kgb k5QCihJIMFhZDVHQ1heQEtuFcyMWUIp5w+3FZV1Qfk01IO3ewktPWtPA71Aq4NjJFYNL J5/1W/Z63O1XWkUhkI8IE4yJA6RO4qRaK4j21qrdG8JkCaMzh0GBGGAe/w/084vJv4sR 7lFuoldd6ZPatnTpwBw18AnWxZ1AoBwRFDOlWwaW3Cw9u48g2h1b7EovrykRDLAjrUIZ 9w==
Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3jxd5teyrh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <nfsv4@ietf.org>; Tue, 04 Oct 2022 16:58:34 +0000
Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 294GulbX005354 for <nfsv4@ietf.org>; Tue, 4 Oct 2022 16:58:33 GMT
Received: from nam04-dm6-obe.outbound.protection.outlook.com (mail-dm6nam04lp2043.outbound.protection.outlook.com [104.47.73.43]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3jxc045009-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <nfsv4@ietf.org>; Tue, 04 Oct 2022 16:58:33 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dRyd5koTDIKgTLHSxeHJrJ8nYbsemMWINosxCs0ZXMW3JGceu4DT1KpA/LCiflybcHvdTgtE91qk8+rJP1FuTakHdklXtCnjq9ytWpPVkcqvDNQ5nbN1zXAK6jbDYLjr3SejIy/ZJdjuO8Hk6BejlH+ZUA3gWll7b2gBBBinnlQsIYX19W0Zw13W55jn9oadHdaW7asX2PHlkcNIdCDd4TqsBumh6/BeAVHXvfzbFmjRrzwhoPiapu8T8K4gmvQZqOVtOagyiVDfcRusvjAUm6Dwo5YvCqUM1L+z7zSVaGLnB+d0QAwpufDbY0cP9BT16L1m8ZuZJF4R/aDdWfLaRQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=yIp7rqREGqr0mz7PQfVXdg61yt4dvfbUbB3sBiE5MTw=; b=HT4nJ65a8kq4DtHeWa3+IZMhzpF9L886YmMiGVQxDXvI2NWwiY9IWvWM5ruyUisSJcIPek0NIXE1tVnDSK78EBh2WwS3+QcCH2+xwz/9YGTIuiBpjrn42yYqy6bUl+K/UuAl9L4x7HAULyZJACs05miGjBmCrkUIVMfbdc7IjZJRcXYh2VHFDAAKzhs414gG2WFjOkelrJBGQxIOlrqnMDZOa6jZ5Tg1RvW0r2nqf0xErNt7ESPWFXrTi5JO34DsSgp3tWEQL3QQnau4IeBACynKUoTw6HOfCsb7fyapjTsxyRGga4gYQHvmcsnT2vpUWCBiKYhIkXMQcwP6WCV53g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=yIp7rqREGqr0mz7PQfVXdg61yt4dvfbUbB3sBiE5MTw=; b=EWO79sTsgeA0ClAq9yxjgp6PxMbjxEmdoI7dXy+TQB+RXUaUkYIXfZNqBbhMg3wbeqvLgSKPbhiV2hHtV/YGg9/6qET14KF+vjreY97iWaVlnfUzaNcnOEHtlfS/9Nvc37dN+2N7beXp/zlopnr5v50Ui/rv7qoelu7eQZdNFKI=
Received: from BN0PR10MB5128.namprd10.prod.outlook.com (2603:10b6:408:117::24) by IA0PR10MB6892.namprd10.prod.outlook.com (2603:10b6:208:430::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.25; Tue, 4 Oct 2022 16:58:30 +0000
Received: from BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::5403:3164:f6c3:d48a]) by BN0PR10MB5128.namprd10.prod.outlook.com ([fe80::5403:3164:f6c3:d48a%3]) with mapi id 15.20.5676.031; Tue, 4 Oct 2022 16:58:30 +0000
From: Chuck Lever III <chuck.lever@oracle.com>
To: NFSv4 <nfsv4@ietf.org>
Thread-Topic: [nfsv4] Comments on minutes of wg meeting at IETF114
Thread-Index: AQHYxjPDm6k+YDWREEG5Y4QNw6y1YK3b7L6AgAFf0YCAAEVyAIAdwR4AgAMc9YCAACiSgA==
Date: Tue, 04 Oct 2022 16:58:30 +0000
Message-ID: <D7E5C666-CC31-4AD0-A628-927E3F52C357@oracle.com>
References: <CADaq8jd4+FPhH0m5AuBgop_xJiYMjrRKva8mX0A-gioW_8b+5A@mail.gmail.com> <2CCC6B48-118F-48C3-A764-1380BAB72066@oracle.com> <CADaq8jeoyLbC_cFd8FwSzuSGFZAi9r3UsTGAxx5KykW+-99Jmg@mail.gmail.com> <606B4B27-0DC1-4215-987F-D97A37C4C278@oracle.com> <CAABAsM7qhJwe5rw=7VpvJc22=h2gNktXOcarF0iOVv+YnarRHw@mail.gmail.com> <CADaq8jdpW9-X7e_jiucbzpXLHUy25Po0pmURdhL9tq_LKBLiHQ@mail.gmail.com>
In-Reply-To: <CADaq8jdpW9-X7e_jiucbzpXLHUy25Po0pmURdhL9tq_LKBLiHQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.1)
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BN0PR10MB5128:EE_|IA0PR10MB6892:EE_
x-ms-office365-filtering-correlation-id: 93258b71-3650-4e3a-3056-08daa629aa1d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: F3fxDij8EDA/GoJ9bbUhIzEO9h7MWkFjrxkQvzBqXoiIzEww/myEeMA9b1OJR/DeAhB3AmuKZtFGLN6Bo5Nkdsq2onYg6fG4VF+a5LJaGgPb77LXFaA6PtJLdNjK+iCFIwW79Hc/H4m0BMe4eiKVnf7oVAS/7akWPW7aiaOgq69WHRcQi36fpQ5wipbO4azDyYhbS/DOg9o6pQXzdD8YXq4DlhcqVL0Y36GFU/7rKkQHQuU4FsNjBcjrIVw7vkcrFC4W65APchguxUl2GwCUTV9eeJBfNIRQWae7bo0r8yPsA+zM4b7Uz/+TKUwY8dzeXHYzlhhperj1H6kINzFbhHZ20RywnaK77Zsg7RdGlzGM2PP0D46SAPhMD44vVEduJwqhXUc1QUUKqOarPbI9r7Xi03uF/6gPpxJ69y3LZueRDuqmPm3aJIAK+3qY84S+bd6mj9HnB6dG2zfdyc1IkwQFk18QUdV+ESCnbLv6Xcr056cZj6TIkdAccCsoYGuToVCeOO+U8ZOVLTcnDvX6EDnvLQ+8hYOpNMXGcI3oTSuU3zFiYdav5MfWofLqmn3t85IcvHJ/diVJQdZaQscIiYjhBiD68I+DpDns2vktJ/d6c+ZzJIT2/HKmnzje9N3p3SDT3vmOVQWR8fnvYilaHasA7GtQWrNwj78ZlKPci+KiJ/GQiaMZoDm/USp1S29YDiLbx9rl/y+xGsLgyyg9yN63PyUbB5PDHykl7oz3NWWrBSox3I3OqYgig4ZEXHxB98eAM/fE5lHp54W2Q2BqIdepWTXWOuj0U9m9RglmhXe+tk8KVb/KO55ZsLTNwSFOYWqMgRzfh4kOrTeytHBETA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0PR10MB5128.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(136003)(396003)(376002)(346002)(366004)(39860400002)(451199015)(166002)(2906002)(6916009)(7066003)(33656002)(66446008)(53546011)(6506007)(66556008)(64756008)(66476007)(5660300002)(122000001)(8676002)(91956017)(6512007)(76116006)(36756003)(8936002)(38070700005)(86362001)(66946007)(38100700002)(41300700001)(316002)(6486002)(478600001)(26005)(83380400001)(71200400001)(2616005)(186003)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: s0p33FCCo6C4ZpqDYgYwyU6xQiQY/bV93aa8sbEqViy8W+VY6nrxw2Wp1xZoycxGHXmpaks6euk0kBAVAV5EPJBoFQU7po973kYACU6nEXawOcWoEdGvHfivLY8Pi+2vDVKutOkurtHgD8TWB1GEIlGneNlSe+hUuTT5bmQKLWzP3otk6G2TKZyuNbOZUQwHiq3oGPJ+mvZLiuqsMG8bqWBuIECB8phEMl/xETLe4xaVaDTaJTEo6Vs6PFUNXNGUyNRR197OqXFM8g/A9jEwnC02IoTjMD4bwIUTTpgUaWFiDLaNGxHIY2fY0WyJKoYZ+yGxqnlPQTm6l1cgN3ena+PmCQF3RQM9eXhlwK4OmVajW4qQ9/j1VFMi/Zf1yhZn8uApRiL/eEC4tz93qD+kRJyfD7yhMsNSRTlhtay6TIxbMkd+68J53cuLR1PowATSjeFje13JocqQhfsRPxWq2bD/cZpldccoUybYKP0c3qP/iU2qkuWXG4OmH31VXW3YFMDjBPn26tG+WkNW83b2oGxT4tL9CGqfy3GFc7XGMEsBvyrunk1AuN20AeSQ5XgYNr7rFkZ1qApQaspUuQM48uuFEh/HPdSZc8c5ehnhiwUsHqaodksgw6FW30dnC9Np8GrnUEjE67u4aZ0pyce3zX8+tmFzIID7vJSOh4soNAY+WY0vrkCk7mj3V/gn8ElorG2YMDQVm2VDuEEtDqwQo8Z7YqAkt/1IcSO/Lkgcr6u96RyZneg5MjcYzJsTcOo4qOz0Cs53WVj4HinmTTieKs3VwyLbXiALVI0RvlgGOsVytsXHM9pnff32FXhHcI4y250lvNVM1tteyAp9/SPD/ef/DsCsCVQawAfgRUTPE6GasrSZgFbcdqBABGx0fHtYfnC/vZkgGT2eMDWB1uEgQOhW0xvOM5ZXM4Nl1REqbdqHOADw/15MFd5HLZXzp1mwMVDKWN0zTkurCaO0S/Ckh7sVtVGx8vXaOGQp81QaDOV3fdquRAgPDo6ddiVxdcWwwEq6WQj+CNpc7ZabcmAUCk6LJt9uH2I32K9fJjbZrnBC3Hx+IKhllAmZ17LWUjAik+iGji1HB7SR1R7voTXPsEOtSP3aus+H/wmvaIwJw8S1cl8vQKkOQyac1GOq5HBlZ5H+zZpQ/qYU5TuVW6Be4hyC8T36iGhl6iM5n64StbCYc2db+XEmaBMVGHPG2BKEXH16ZJCN3gi8q8vhc4RpcJOlINMQQ6x/Y1QuMD7KP0oc8VqIu5QnWKQk8D6I5yNqI4+ifO5pUO+HASyfJSZVK07V3Apa17i4gEeqnWsGx40VukiGudAP7BI3a63LywIXxzPIZAa5vFeETtsXjHp5WOEbJjxPEg50w1HyETjW0pvAEP6C0loNwg55thZignMMfGLdINadtNir8Wuusfo24uvAjfEEKZwSdvzRpNybhAd/ogrjURVs0ynOYOeO6Yvuj0ukbxU8sv74MYEcLnH974DJ9qbYxChFo1/nGgGyUDOe3zb9fgWFeEXnycWC8g+v6OwGfcr0hMws1WQ2LaxUc/7z4ZZjykDAtQNLM2O9gLihX+olnGF1Au/jrF+v60SE92xvfRL5x0HwEFvTNuQxiw==
Content-Type: multipart/alternative; boundary="_000_D7E5C666CC314AD0A628927E3F52C357oraclecom_"
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0: ori67rQQXD8DtGa+3jtNnPav3gwM1Xvk9EvWALD/8Utc4ABdVEHBHGXMyU1Z7lEQmE4xKTUkNJg43WFxeMOlkMvgvcc5xZebKF8+kNtsEIMDe2/5glpCeTwWtiSbD02JsxW30afuqvc9YQchp5DsumEVgTG4KHedkc1PnlZlPb51RpAQx46S/AyxO0A1nIVH20qvMLucWKpYuf1xWWyUND89mU3L6RavrqniGeUCivge/noR/wZcGf6Bc/2KBi3XhUpwtkLCQMzM+eCzZzaLW25+wc+TXSacntJytgFB2IJ6w2sCClVvQFJhphwTUu4WhfgahthIlTqjdkFJB2g0uC9iPOWRs5yWlpZJVnhUcwItUfnebAkg8R/Um6mFb9TaUxIxhzwhnndQSCUPy/KMex31HNQa0qxclpdxs9b+C5s7Ljs4Bm8/UybBXgn8o5iCR2hg8DloxwK3aQzexXUAMMADBzbpCXbJhFhf6LxnZSWda5VB306nl7xP9HQXukDEhJhCVdWtPXSNdqr3E+Qy8ihfkkXvnVTTHQPU0PW+RcoU8Dk6+HOC+4luGr/8Cxwv9a7MAXf11rkEA9fSH/QYZCS+DKUc1lb0DCWASb2jtaooHtUMVC66Dkv2Lk/sFXr1/b0jI/i7snuvgQqPd3uqEPIUWoD73vHhjeWShlYSNhVHYfg3Q4uHzccPyzQC2Exk486O3y5djg9d4xwmzORgE5J3oUIfLeWusOiOZ/BJ5UJv0gVbouJsN5nnRkoEK8lT
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5128.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 93258b71-3650-4e3a-3056-08daa629aa1d
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Oct 2022 16:58:30.3631 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: brFwzUx0xlgfr1D2bym5UN6icE7ZFlyhufFbJx4m3JCiJWGS5kJtsh3LnZmdxvfLXmFgINOiVpXy8O3IGw9E3A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR10MB6892
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-10-04_08,2022-09-29_03,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 adultscore=0 spamscore=0 suspectscore=0 bulkscore=0 mlxscore=0 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210040110
X-Proofpoint-ORIG-GUID: 9vOXlRZ1PjoRQwzDOsv7Nc-WkZYT5Jen
X-Proofpoint-GUID: 9vOXlRZ1PjoRQwzDOsv7Nc-WkZYT5Jen
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vWT__BC7IUMlH_Zj9apy6mfkung>
Subject: Re: [nfsv4] Comments on minutes of wg meeting at IETF114
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2022 16:58:48 -0000


On Oct 4, 2022, at 10:33 AM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:



On Sun, Oct 2, 2022 at 11:01 AM Trond Myklebust <trondmy@gmail.com<mailto:trondmy@gmail.com>> wrote:


On Tue, Sep 13, 2022 at 12:38 PM Chuck Lever III <chuck.lever@oracle.com<mailto:chuck.lever@oracle.com>> wrote:


On Sep 13, 2022, at 5:29 AM, David Noveck <davenoveck@gmail.com<mailto:davenoveck@gmail.com>> wrote:

On Mon, Sep 12, 2022, 12:25 PM Chuck Lever III <chuck.lever@oracle.com<mailto:chuck.lever@oracle.com>> wrote:


The conclusion of this discussion was to let the RDMA and ULB documents expire and remove the charter milestone.

Regardless of that, we would have to ascertain consensus to do that. Decisions at working group meetings always have to be confirmed on the wg mailing list.

Fwiw, the co-chair and area director in the room at the time did not state that requirement. The co-chair stated that the charter change was implied by the decision to allow the documents to expire, so I assumed that meant that no further bureaucratic actions were necessary.


That should have been done a month ago, but we might as well have that discussion now.


A version 2 of RPC/RDMA is not in demand by any customer.

Fair enough.  It is a shame we have an RDMA approach so inferior to SMB.  Sigh!

>  I feel it’s time to let it rest,

If you don't want to push this to a conclusion, then we have to live with what we have.

It's not a matter of not wanting to push this to conclusion. It is simply not possible for me to finish this by myself: proper protocol development requires two independent implementations.

After Linux, where is the second implementation? (Answer: there isn't one)

Who is bringing RPC/RDMA v2 implementations to our testing events? (Answer: no one)

Which vendors truly want to bring a second implementation of RPC/RDMA to market? (Answer: I have yet to hear of one that has the resources to do this)

What customers are demanding it? (Answer: I have yet to hear of any; the demand has come exclusively from complaints made by protocol architects)

Improving security for MPA/RDMAP is an approach that lifts all boats. What few resources the WG has is better spent on that instead of RPC/RDMA v2.


> Unless or until there are sufficient resources to attack the addition of transport-layer security to MPA/RDMAP.

That sounds to me too much like "We'll do it when we get around to it."

You can spin it any way you like, but that's always the way it's been. When we have the energy and enthusiasm for an idea, it will get done somehow. We have more enthusiasm for what is essentially iWARP on QUIC than for RPC/RDMA v2.


Because of the importance of security, we cannot simply wait for such resources to drop into our laps.

It's not clear what motivated this remark, but no-one has suggested that we ignore the security requirements of RPC/RDMA.


Chuck has informed me that a wg decision was made to abandon this document but that does nĺ⁰ot appear in the minutes.

I'm perplexed by this and expect to remain so even if a 3-D 4K-resolution video were discovered.

Given that this was an individual draft, the decision was not a wg decision and does not have to be confirmed on the list.

Instead, it is Chuck's decision to make but I'd like to understand why he made it.

Let me give people some background.  Chuck objected to the treatment of SECINFO in some earlier security-0x draft.  He thought it was to complicated so we agreed that he would publish his approach, as he did in rpc- tls-pseudoflavors and I  would refer to that in the next security draft.

Now it appears that Chuck has changed his mind and I'd appreciate knowing why<http://why.ch/>.

Rick told me he is not going to implement it. Trond stated that the proposed mechanism is a hack, which I take to mean he will not accept it in the Linux client.


 Chuck recently reminded me that I haven't commented publicly on this draft. I did explain my reasoning in an email to him a while back, so let me just quote that:

To clarify things, it appears that your comments relate to Chuck's individual draft.   While I am interested in the fate of that draft, I am also interested in the SECINFO changes that shared some of the same motivation in draft-dnoveck-nfs4-security-05 and that I'm planning to include in draft-ietf-nfsv4-security-00.

It seems to me that your comments primarily apply to use within v3,

I don't read Trond's comments that way at all -- the objection is to changes to both NFSv4 and NFSv3.

I disagree however that the WG shouldn't bother with improving the security of NFSv3. It's obviously still a widely deployed protocol, and maintaining RFC 1813 is part of our charter, I thought. The NFSv4 security document can't make any normative or informative statements about NFSv3, but we are still well within our charter to publish independent documents that informatively describe conventions that NFSv3 implementations can employ when making use of RPC-with-TLS or any other variety of transport-layer security.


but I can't be sure and want to make sure that there is no objection to these pseudo-flavors in the context of NFSv4 SECINFO.  Plese let me know if there are any issues.

I think I objected pretty strongly to the pseudoflavor proposal that was initially a part of security-xx, that's why I took the trouble of proposing the RPC-with-TLS pseudoflavors alternative. I would prefer publishing none of the original p-flavor proposal over publishing what was in the original security document.


First of all, it is mixing the concept of a transport and authentication.

That mixing was part and parcel of rpc-with-tls and don't think it is inherently harmful.

I'm not quite sure what you mean, but to be clear, user authentication is explicitly not part of RPC-with-TLS.

What I think you are trying to describe is a security policy that is applied by NFS servers based on the presence or absence of transport-layer security.


While TLS can provide authentication of the client to the server, the only thing that should matter conceptually to the SECINFO operation and its ilk is that there is some form of trusted channel that is able to underpin the otherwise weakly authenticated RPC operations. How that channel is created, whether it is by TLS, QUIC, or even krb5i / krb5p using the machine principal, …. should be irrelevant to the NFS client.

I agree.   I think my current text takes this approach, but it would help if someone checked it to make sure i haven't mixed up i.e and e.g.

Secondly, we always send a NULL ping on connecting to the server anyway. If we’re going to negotiate TLS, then why shouldn’t we just use that NULL ping to immediately deduce whether or not TLS is supported? As long as the server replies with something (error or not) then we know that the connection to the server is good.

In the v4 context, we have to account for different fs's (or even different namespace regions i the same fs) , so that a good connection to access one piece of the server namespace and it might turn out tnot to be acceptable in another piece of the namespace.

It might be that if you were designing this now, you wouldn't bother with SECINFO.  Nevertheless, we can't rip this out in rfc5661bis, and I felt that the best approach was to augment it to support security provided at the connection level, rather than limiting it to auth-flavor selection.

Thirdly, there is the fact that you’re learning this information after connecting. So what is the point? If you are already connected via TLS, then the information that TLS is supported is known. If you connected without TLS, then how can you trust the reply?

Again this is different in the v4 context.

This is the whole bootstrapping problem that causes us to prefer to always try krb5i first for SETCLIENTID/EXCHANGE_ID if we have access to it, even if the NFS mount has specified sec=sys

Still, you might find upon accessing a part of the namespace that you can only do so with encryption.  That requires SECINFO has a way to require a secure connection.

It would be easy to make the following stipulation: When a server's security policy requires transport-layer security to enable access via AUTH_SYS/NONE, then a SECINFO on a protected transport should continue to list SYS/NONE, and a SECINFO on an unprotected transport would not. If the client uses AUTH_SYS in a way that does not conform with a server's security policy, the server rejects the request with AUTH_TOO_WEAK.

In my opinion, if a server has an RPC-with-TLS implementation and sufficient authentication material, it should force the use of transport layer security everywhere it can. I don't see the value in permitting unprotected AUTH_SYS on some filesystems and requiring protection to access others with SYS. Is there a real use case today where a server administrator would want to enable such a policy?

Taking a step back, it seems like we're putting the cart before the horse by trying to design protocol for which there is yet no implementation. I thought the working group's role was to codify existing implementation practice, not invent new protocol and then ask people to go and build it. Shouldn't we wait until either a) SecDir complains there's something missing from the security document, or b) someone has actually implemented protocol that should be shared?


--
Chuck Lever

v2.23.0 | Report a Bug | By Email