IETF Logo Mail Archive

Re: [nfsv4] NFSv4 on TLS

Trond Myklebust <trondmy@gmail.com> Tue, 16 October 2018 21:18 UTC

Return-Path: <trondmy@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C4B6130E5A for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 14:18:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E-pGX41s-v6H for <nfsv4@ietfa.amsl.com>; Tue, 16 Oct 2018 14:18:05 -0700 (PDT)
Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65540130E35 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 14:18:05 -0700 (PDT)
Received: by mail-io1-xd2f.google.com with SMTP id p4-v6so17503567iom.3 for <nfsv4@ietf.org>; Tue, 16 Oct 2018 14:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QoOkxi5gYitbR6wJJ91LcLan4ZKEfTNVF6yG9JsB+vw=; b=cXzNS8jUIoxbrJsF/guujoklOpWoYNMuiNFMHe52bEg5TnnqJbVr5GrD+EDo59ueYZ UhJfmQ3PGdajneKgJ3i9/r9oFn7Yy0znLAklsa0Gyy/sBKEjthlUI6chswHXX0sp+89C RESZCswTNHfrqbwKkXVkL5L1qAduuBWZouNaNf/asSIVUJRTADKIUYuVEK03JUNLUeCh aDIs+ewum6k+NQhBLxV2rpWenz4Q/9kzgRPRirzfdu0yFmcGN1Xxlb58vigXbMDJQLRF lT0cBGtVdM06B41BkFzk2V4jEX7d9exZhVpmx5DzVnsQtE4cYwAx303orIH4e1e4gw+1 p0dA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QoOkxi5gYitbR6wJJ91LcLan4ZKEfTNVF6yG9JsB+vw=; b=IwfyJjNWdlOiZgKf2YIb1Nc6xZgfBTnEy9QGUa2wlsIcKEaXrbBsIfpSA93EO+aBb5 kdP397OjuUiLI0NksDfKfEffzBk/PpehawqrOUTSspF1SNzry9b4YOBRsX/Gd0J2HDP5 v2Szo9JCqN4k5RGJlj1B71ahz+dOoVazLLCYvKlxV9kKFwX3Oq7PK8DpCjQNI9VRYONO g3Lx2nfeG9fvhOg00lOmH8WKkSCNDPl0j8j5hrKvorO8rSF5xoY/OH/QCFzyWVuTHBan 1a9w59vdfKXwqjF88nDGWLeTZtc8lJYryvAdoJv34uPaBtwyxuLE5l0+MIfE8spczZ4F tjJw==
X-Gm-Message-State: ABuFfogbtgKwO2dGFvzP6QGeTMxfR8jCXPbVTp/yc8mIOQ8aCpdqyyH6 RbcuOjvnxljC06JPMawVxOb9EvUei4Qs+6fdcA==
X-Google-Smtp-Source: ACcGV62vqkdNYnE9sIEib+nMFg0Dv3Bf+kO3dd0hANeF/k/201ptXzclSTreFnEgQSsO9AJs92G6Zle6kKcNAalPtao=
X-Received: by 2002:a6b:f614:: with SMTP id n20-v6mr12583807ioh.259.1539724684447; Tue, 16 Oct 2018 14:18:04 -0700 (PDT)
MIME-Version: 1.0
References: <FD3EEC6C-887F-4F3A-AB9E-87AB9EE34ABD@oracle.com> <20180826214725.GA10368@localhost> <9A8DAFF1-C837-4AFA-99CB-863C09091608@oracle.com> <20180827185325.GB10368@localhost> <CADaq8jdr0w74J9db-AZTQ_dAP5ngT53R=KvLuK7xnVpptpbOCw@mail.gmail.com> <YTOPR0101MB182075AD5B7E864C48FF6324DD0A0@YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM> <CAABAsM5FatQmorZpTu4MGCwZMahRSJdhJu9gEPgjDEepcjjHfQ@mail.gmail.com> <20181016200243.GX19309@kduck.kaduk.org> <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
In-Reply-To: <CAABAsM4OazaMxkDgoJZ7vV8R1HWW=jJQHwQwSEyxCryRFJDJpw@mail.gmail.com>
From: Trond Myklebust <trondmy@gmail.com>
Date: Tue, 16 Oct 2018 17:17:52 -0400
Message-ID: <CAABAsM45=CNFNzC=odfej3NqMpO4Ls_5uzfGLmpeWcCZ0aqL8Q@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Rick Macklem <rmacklem@uoguelph.ca>, nico@cryptonector.com, "nfsv4@ietf.org" <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000de57e105785f16db"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vXhAsuitlD8bgXNeYmH84n52t6Y>
Subject: Re: [nfsv4] NFSv4 on TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 21:18:13 -0000

On Tue, 16 Oct 2018 at 17:03, Trond Myklebust <trondmy@gmail.com> wrote:

>
>
> On Tue, 16 Oct 2018 at 16:02, Benjamin Kaduk <kaduk@mit.edu> wrote:
>
>> I'm not really in a position to speak of the level of demand for such a
>> proposal, but...
>>
>> On Tue, Oct 16, 2018 at 03:53:32PM -0400, Trond Myklebust wrote:
>> > So here is a quick proposal: we add a new security type AUTH_TLS, which
>> can
>> > act as the equivalent of a "STARTTLS command" to signal that we want to
>> > initiate TLS security negotiation if the server supports it.
>> >
>> > When the client has set up the TCP connection, and is ready to initiate
>> the
>> > TLS negotiation, it pings the server with a NULL RPC request with an
>> > auth_flavor of AUTH_TLS. If the server doesn't recognise that flavour,
>> and
>> > returns AUTH_ERROR (+AUTH_BADCRED?), then the client knows that the
>> server
>> > is unlikely to support stepping up to TLS on this connection.
>> >
>> > There should be no need for the credential to carry any form of
>> > authentication payload, so just model it on AUTH_NONE, but have the
>> server
>> > return a payload of "STARTTLS" in the body of the verifier. That
>> > differentiates it from AUTH_NONE, and allows the client to distinguish
>> > servers that recognise AUTH_TLS, and servers that just ignore the
>> > authentication header altogether in NULL RPC calls. If the payload
>> matches,
>> > then the client kicks off TLS negotiation before sending any further RPC
>> > calls on this connection.
>> >
>> > If the client tries to use AUTH_TLS for anything other than a NULL RPC
>> > ping, then a server would presumably be expected to return AUTH_ERROR
>> with
>> > AUTH_TOOWEAK.
>> >
>> > Once the TLS negotiation is complete, then the client and server will
>> have
>> > established a secure channel for communicating, and can then use the
>>
>> Any such document would need to discuss the client authentication
>> semantics
>> for the TLS connection, whether a single per-host client cert is used vs.
>> per-user certs, etc.  BCP 195/RFC 7525 would of course play a role, too.
>>
>
> This is transport level security, so in order to have per-user certs, we'd
> presumably have to have a TCP connection per user? That is certainly not
> something that I can envision wanting to ever implement for a kernel NFS
> client.
> IOW: As far as this working group is concerned, I'd see TLS as mainly
> practical for providing machine level authentication, not user level.
>
>
I should note, OTOH, that using TLS for machine authentication, and being
able to use certificate information in my /etc/exports file would be highly
useful!


> I agree that there are issues addressed by RFC7525 that we may want to
> discuss.
>
>
>>
>> > standard security flavours on top of that channel (presumably after
>> > negotiating down the irrelevant RPCSEC_GSS privacy and integrity
>> mechanisms
>> > and applying channel binding).
>>
>> Anyone considering GSSAPI channel binding should probably consider the
>> issues that
>> https://tools.ietf.org/html/draft-ietf-kitten-channel-bound-flag-03 tries
>> to address, and also that the tls-unique-based binding value in RFC 5929
>> is
>> rather overtaken by events.  There would probably be a need to define a
>> new
>> TLS exporter-based value that requires the use of TLS 1.3 or
>> extended-master-secret.
>>
>>
> Is that discussion relevant to the NFSv4 working group though? NFSv4 only
> requires servers to support RPCSEC_GSSv2 (or RPCSEC_GSSv3 for NFSv4.2).
> Both those protocols have explicit channel binding RPC calls that return
> success/failure, and a separate service type (rpc_gss_svc_channel_prot)
> that as far as I can tell should meet the requirements in the above
> document. Am I wrong?
>
>
>
> -Ben
>>
>> > Is this a proposal that might be of interest to members of this group,
>> and
>> > hence be worth documenting in an RFC?
>> >
>> > Cheers
>> >   Trond
>> >
>> > On Tue, 28 Aug 2018 at 07:57, Rick Macklem <rmacklem@uoguelph.ca>
>> wrote:
>> >
>> > > David Noveck wrote:
>> > > [stuff snipped]
>> > > >> AUTH_SYS with UIDs/GIDs is too limited.
>> > > >
>> > > >As far as I know, AUTH_SYS includes 32-bit UIDs/GIDs.   Those seemed
>> > > ample when
>> > > >AUTH_SYS was designed.
>> > > >
>> > > >It certainly is too limited now, but it is difficult to change. Even
>> more
>> > > of a
>> > > >barrier than the existiing OTW formats, is the fact that most flle
>> systems
>> > > >used with NFS reserve 32 bits in the inode for each of owner and
>> group.
>> > > >Further complicating matters is that in-kernel VFS's and POSIX API's
>> are
>> > > >built around this very limited approach to user identity.
>> > > >
>> > > >> I have no objection to a mechanism like AUTH_SYS-over-TLS
>> > > >
>> > > >I don't know of any AUTH_SYS mechanism that uses anything other than
>> > > >32-bit ids.
>> > > >
>> > > >> that uses name@domain to be consistent with the rest of NFSv4.
>> > > I think he was referring to a new authentication flavour that had the
>> > > "user@domain" string as the authenticator. (There is a 400byte
>> limit, but
>> > > that might be sufficient.) I might have called it AUTH_NAME or
>> AUTH_OWNER.
>> > >
>> > > I'd guess that 99.9% of FreeBSD NFS usage is AUTH_SYS, although
>> Kerberos is
>> > > in the system. I do think a way to use TLS (or similar) to encrypt at
>> the
>> > > transport
>> > > level would be a good thing and would get used more widely.
>> > >
>> > > Many of the FreeBSD sites (I won't guess the %) use AUTH_SYS but
>> ignore the
>> > > gid list and generate a gid list on the server from the uid. As such,
>> I
>> > > don't think
>> > > putting gids/owner_group names in a new authentication mechanism is
>> needed.
>> > >
>> > > For folks that have a 32bit uniform uid space, AUTH_SYS in transport
>> > > encryption
>> > > seems ok to me.
>> > > For sites where the uid space isn't uniform or doesn't fit in 32bits,
>> a
>> > > "user@domaim"
>> > > to uid/gid list mapping in the server can be done using this new one.
>> > >
>> > > >Within NFSv4 proper, you could use name@domain, but there is really
>> no
>> > > >point if you are using AUTH_SYS.    You are allowed to use numeric
>> ids
>> > > >as attributes and most people using AUTH_SYS choose to do so, to
>> avoid
>> > > >the overhead of a translation that provides no benefits.
>> > > They could use this mapping with AUTH_OWNER when AUTH_SYS won't
>> > > work for them.
>> > >
>> > > rick
>> > > ps: I, for one, am not interested in implementing a new GSSAPI
>> mechanism
>> > > that
>> > >       isn't in the open source Kerberos distros. As such, any
>> complicated
>> > > setup
>> > >       involving writing of a lot of new code probably wouldn't make
>> it in
>> > > FreeBSD
>> > >       for a long time. However, something that mostly uses the extant
>> code
>> > > for
>> > >       supporting "https" should be doable.
>> > > [more stuff snipped]
>> > >
>> > > _______________________________________________
>> > > nfsv4 mailing list
>> > > nfsv4@ietf.org
>> > > https://www.ietf.org/mailman/listinfo/nfsv4
>> > >
>>
>> > _______________________________________________
>> > nfsv4 mailing list
>> > nfsv4@ietf.org
>> > https://www.ietf.org/mailman/listinfo/nfsv4
>>
>>

v2.23.0 | Report a Bug | By Email