Re: [nfsv4] Fwd: New Version Notification for draft-dnoveck-nfsv4-security-04.txt

Rick Macklem <rmacklem@uoguelph.ca> Fri, 07 January 2022 17:31 UTC

From: Rick Macklem <rmacklem@uoguelph.ca>
To: "J. Bruce Fields" <bfields@fieldses.org>
CC: NFSv4 <nfsv4@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/w1cR-rwjNThN17rCf-rPZsu2cLU>

Rick Macklem wrote:
[stuff snipped]
> For the cases of Claim_Previous, Claim_Delegate_Previous, the state is
> being recovered and, as such, file permission checking should not be done.
> --> I think these cases should use the same rule as ExchangeID/CreateSession,
>     that is "same principal as first ExchangeID or SetClientID".
> --> This could also be described as "must be done with machine principal".
I don't think requiring "machine principal" is in any RFC, so I doubt we can
do that now.
I will check the FreeBSD and Linux clients, to see what principal they use
for Open/Claim_Previous in the next few days and report back.
(I have no access to the other clients.)

rick