IETF Logo Mail Archive

Re: [nfsv4] More on CCM

Nicolas Williams <Nicolas.Williams@sun.com> Tue, 11 March 2003 23:21 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18218 for <nfsv4-archive@odin.ietf.org>; Tue, 11 Mar 2003 18:21:40 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h2BNZL410698 for nfsv4-archive@odin.ietf.org; Tue, 11 Mar 2003 18:35:21 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2BNZKO10695 for <nfsv4-web-archive@optimus.ietf.org>; Tue, 11 Mar 2003 18:35:20 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18168; Tue, 11 Mar 2003 18:21:09 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2BNZCO10687; Tue, 11 Mar 2003 18:35:12 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h2BNYMO10625 for <nfsv4@optimus.ietf.org>; Tue, 11 Mar 2003 18:34:22 -0500
Received: from pheriche.sun.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18146 for <nfsv4@ietf.org>; Tue, 11 Mar 2003 18:20:10 -0500 (EST)
Received: from centralmail1brm.Central.Sun.COM ([129.147.62.1]) by pheriche.sun.com (8.9.3+Sun/8.9.3) with ESMTP id QAA24662; Tue, 11 Mar 2003 16:22:18 -0700 (MST)
Received: from binky.central.sun.com (binky.Central.Sun.COM [129.153.128.104]) by centralmail1brm.Central.Sun.COM (8.12.8+Sun/8.12.8/ENSMAIL,v2.2) with ESMTP id h2BNMH5i015475; Tue, 11 Mar 2003 16:22:17 -0700 (MST)
Received: from binky.central.sun.com (localhost [127.0.0.1]) by binky.central.sun.com (8.12.5+Sun/8.12.3) with ESMTP id h2BNKIQx014739; Tue, 11 Mar 2003 15:20:18 -0800 (PST)
Received: (from nw141292@localhost) by binky.central.sun.com (8.12.5+Sun/8.12.3/Submit) id h2BNKHjp014738; Tue, 11 Mar 2003 17:20:17 -0600 (CST)
From: Nicolas Williams <Nicolas.Williams@sun.com>
To: Mike Eisler <mike@eisler.com>
Cc: nfsv4@ietf.org, hartmans@MIT.EDU
Subject: Re: [nfsv4] More on CCM
Message-ID: <20030311172017.Q10755@binky.central.sun.com>
References: <20030311133614.J10755@binky.central.sun.com> <3E6E609B.5070205@eisler.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3E6E609B.5070205@eisler.com>; from mike@eisler.com on Tue, Mar 11, 2003 at 02:18:03PM -0800
Sender: nfsv4-admin@ietf.org
Errors-To: nfsv4-admin@ietf.org
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/nfsv4/>
X-Original-Date: Tue, 11 Mar 2003 17:20:17 -0600
Date: Tue, 11 Mar 2003 17:20:17 -0600

On Tue, Mar 11, 2003 at 02:18:03PM -0800, Mike Eisler wrote:
> Nicolas Williams wrote:
> 
> > CCM should have three variations, each with their own OID, each being a
> > trivial wrapper around an underlying GSS mechanism. The three
> > variations should be:
> 
> These might be too many variations. Offering a wide array
> of choices to the customer is just too confusing. And
> even if we can design a way to remove confusion, requiring
> all this array of choices reduces the chances of a particular
> implementation supporting them and reduces chances of
> interoperability. (An example of this is action was the
> surprise at the last Connectathon, where several of us found that
> 3DES keys were being created by the KDC, and as a result,
> most of us NFS/krb5 implementors couldn't interoperate).
> The goal is to minimize difficulty of implementation.

See below.

The 3DES issue you refer to is a configuration issue, perhaps a
maddening one to you, but still not an interop issue.

> >
> > - CCM-with-network-address-channel-bindings
> >
> > For use with IPsec and without NAT. Initiators and acceptors would
> > be required to verify that an IPsec SA exists for the network
> > addresses referenced in the channel bindings.
> 
> Given the lack of  NAT support, I can't see why implementors with
> limited resources would bother. I'm certainly not inclined to
> lobby my management to fund this.

The reason I offer this is that this is trivial to implement today and
secure.  It won't work through NAT though.

> >
> > - CCM-with-session-hash-channel-bindings
> >
> > For use with IPsec, SSHv2, etc.. without regard to NAT.
> 
> I think hash-key bindings are very slick. I also think the API
> support to retrieve them is far from ubiquitous. And there's no
> existing GSS-API or krb5 infrastructure for them either, and
> not even a specification.

The GSS-API certainly supports channel bindings, though they are
optional.  Your implementation may not, but if you want CCM to work
securely then you'll have to add channel binding support.

The specification of the IPsec, SSHv2, etc... hashes has to be done.
I already know what that specification is for IKEv1 (IPsec) and SSHv2;
only IKEv2 remains.  Specifying these hashes is not difficult.

I will contribute text if you wish.

Since CCM-with-session-hash-channel-bindings is the only secure form of
CCM that will work through NAT I think that this form has to be
specified.  Between this form and the first one above we have two forms
of CCM, and if I had to choose only one I'd choose this one.

> >
> > - CCM-with-no-channel-bindings
> >
> > For debugging use; not to be used in production.
> >
> >
> > The reason that separate pseudo-mechanisms are needed for the network
> > address channel bindings and session hash channel bindings is so as to
> > make it possible to negotiate which one to use.
> 
> Following Dai Peng's and David Black's comments, and considering
> that useful (NAT-less) GSS channel bindings don't really exist, my thinking
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
They are trivial to define.  To repeat:

 - For IKEv1 (IPsec) the channel bindings consists of: the concatenation
   of the HASH_I and HASH_R for the SA as defined in IKEv1 (rfc2409)

 - For SSHv2 the channel bindings consists of: the key exchange hash as
   defined in draft-ietf-secsh-transport-15 and
   draft-ietf-secsh-gsskeyex-06

 - IKEv2 I've not researched yet; but surely it too can have channel
   bindings specified

> is to specify the use of RPCSEC_GSS over CCM to limit its use
> for the duration of the ULP's session. Most ULPs that use ONC RPC don't
> have a session, but most ONC RPC ULPs do work over
> connection oriented transports. So this effectively means that
> sessionless ONC RPC ULPs must bind a particular CCM context to
> a particular TCP or SCTP (whenever the wg gets around to
> defining ONC RPC semantics for SCTP) connection.

ULP?

> (If it is good enough for iSCSI, it is good enough for ONC RPC).

Wrong.  If some other protocol's spec has it wrong that is no excuse for
us to get it wrong also, particularly now that we've had this discussion
in public (years from now others will be able to point the finger at us
and say "they knew of the problem and chose to ignore it").  I don't
find that acceptable.  Furthermore the IETF security ADs, or the IESG
may also find it unacceptable; if, OTOH, they're ok with this, then
fine, it won't be my fault :) :)

Cheers,

Nico
-- 
_______________________________________________
nfsv4 mailing list
nfsv4@ietf.org
https://www1.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email