Re: [nfsv4] Security document - sense of the working group

Rick Macklem <rick.macklem@gmail.com> Tue, 30 January 2024 23:11 UTC

From: Rick Macklem <rick.macklem@gmail.com>
Date: Tue, 30 Jan 2024 15:10:57 -0800
Message-ID: <CAM5tNy6A0srUPo1hJE13idLgQG09E_N9bFO-LDQaawtvc1VOJg@mail.gmail.com>
To: Chris Inacio <inacio@cert.org>
Cc: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vd3zc_95xqD8NgC8nuSCXFguchE>

On Tue, Jan 30, 2024 at 8:22 AM Chris Inacio <inacio@cert.org> wrote:
>
> All,
>
> The chairs would like a sense of the working group with regards to the draft-dnoveck-nfsv4-security-07 (https://datatracker.ietf.org/doc/draft-dnoveck-nfsv4-security/) and adoption.  Please let us know if you think the working group collectively agrees to the body of work proposed in the draft.
>
> The sense of the chairs is that the working group does not have consensus on the scope or set of items presented in the current individual draft.  If that is the case, we would like to know what topics/items in the draft that you do support and which ones you do not believe are ready or that the WG will not be able to reach consensus on.  If there are steps that you think the working group should take towards clarity on any of those topics, the chairs are interested in hearing those too.

I find the document overwhelming for my simple brain.
In particular, I think dealing with ACLs/mode is a monster
that may be unsolvable, but at least deserves its own document.

I think Sec. 14-16, plus related parts of 17, 18 might make a
document of reasonable size/complexity.  RPC-with-TLS does
offer significant progress in this area.

And, I for one, cannot even imagine an NFSv5.
I also wonder why NFSv4.0 matters any longer?

rick

>
> Thanks,
> NFSv4 Chairs
>
> ----
> Chris Inacio
> inacio@cert.org