Re: [nfsv4] Alissa Cooper's Discuss on draft-ietf-nfsv4-rfc3530-migration-update-07: (with DISCUSS and COMMENT)
David Noveck <davenoveck@gmail.com> Sat, 23 January 2016 13:57 UTC
Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC1B01A1B12; Sat, 23 Jan 2016 05:57:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_44=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B8BpFB-hm63K; Sat, 23 Jan 2016 05:57:02 -0800 (PST)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 017791A1B0D; Sat, 23 Jan 2016 05:56:58 -0800 (PST)
Received: by mail-lf0-x22c.google.com with SMTP id m198so62303011lfm.0; Sat, 23 Jan 2016 05:56:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=K0eSlsEaL6XTjvrzMj9BbObnN9jCs6wBHIKRYcfunuE=; b=fI7YuGGD5n5J+r1wasxV/XWgnH23q/nP2SFTuRCt57iPKPGJp05umP6emoMZnfIyrc 67VXjBnV7sHepXXYtEECSRGzjsTkpNM3ibw5+wxjOjW02h0Q0BblkLwIQTwub3ThU46U tmiU8MiK6I28fyv2/+L+3T3wNxktSVW7NN2AI8OppvQpB+5GFZFY2X+0v/HjtrAhGjUZ widSvMCbtgmDO9uyn8Wrgrm+Kb7QFulvmgLk+LF3g8LXbZ/6ns4oHijaqpP0Xhs+/6/e CHlm7IIHzNvNH8DbV3iji1EjC7GgquX1VMwzblXcqgShk59+xrHfUbtOhfZexx5QalMB +eEg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=K0eSlsEaL6XTjvrzMj9BbObnN9jCs6wBHIKRYcfunuE=; b=OqBTupNojeztcCYojusQys7aCtUmXtrkBaLikciCYMrzI/EIES+8EEJqzmAxKIb5/9 9sA1RfwJsipHtB218KGGsm9OJbfMhLSrgJA8C3nNIWpai/cHq3tDlsuK2mFc+yalzdEB D9U0Gxcy7cCi6fVXj9O6bhQtTQT+OLKLrA/Mx6fMPeS0XQOauH9BIdkCp8ZiLZClHt+M MVss0GRn2fFMNBR/XCTJznHgTbTJYEFi2icfX7LwjnEtBxIArgDTPEy7MfjjoiBA2s8G SJsHWVqkdu8bVj4sl3zjTanrUs71VnK0RKus5/LZYunu+O+C1nCDSI20BMNYGONL1ZpK BMng==
X-Gm-Message-State: AG10YOQObOfIINttUmqyxENWcS6i48G8BjXDg4IZ/AOes+BxTES/eaycL6cXB/jzdFoE2pafmo31YSdHo7jP2A==
MIME-Version: 1.0
X-Received: by 10.25.151.9 with SMTP id z9mr2697861lfd.72.1453557417143; Sat, 23 Jan 2016 05:56:57 -0800 (PST)
Received: by 10.112.186.101 with HTTP; Sat, 23 Jan 2016 05:56:57 -0800 (PST)
In-Reply-To: <20160119223847.13082.15458.idtracker@ietfa.amsl.com>
References: <20160119223847.13082.15458.idtracker@ietfa.amsl.com>
Date: Sat, 23 Jan 2016 08:56:57 -0500
Message-ID: <CADaq8jf1MptSPmekGn3bOfx8xRmd0eehqoXa6N2iXqmt7ycnKQ@mail.gmail.com>
From: David Noveck <davenoveck@gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Content-Type: multipart/alternative; boundary="001a11403896827aec052a00b5d4"
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/x49UrsMpfLGSA6QuKdpXZtsKT7c>
Cc: "nfsv4@ietf.org" <nfsv4@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-nfsv4-rfc3530-migration-update@ietf.org, "nfsv4-chairs@ietf.org" <nfsv4-chairs@ietf.org>
Subject: Re: [nfsv4] Alissa Cooper's Discuss on draft-ietf-nfsv4-rfc3530-migration-update-07: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Jan 2016 13:57:05 -0000
> (And my bad for not noticing this before > the publication of RFC 7530, since they would have applied there as > well.) You're not alone. These same issues apply to RFCs 3530 and 5661 as well. > As best I can tell, embedding the client's IP address in the client id is > not a requirement (but I admit to not fully understanding NFS!). So why > is it suggested that the client's network address be embedded in the > client id? I think the reason is primarily historical inertia.The idea that the IP address is a reasonable basis for this goes back to RFC3010. > It seems to me that to avoid all of the issues above, perhaps a better > example to provide would be hash(some client secret, some source of > uniqueness, server identity). That gives the client id a good chance of > being unique without exposing other identifiers related to the client. > And then if the existing guidance about saving and re-using the value is > followed, it won't be necessary to try to shoehorn in an old IP address > or persistent device identifiers when the clientid needs to be > regenerated. I've already modified my text to include the idea of a hash based on a suggestion in Elwyn Davies' gen-art review. I'll make some further changes to bring the client id string guidance into closer alignment with the actual requirements for the client id string before I submit -08. On Tue, Jan 19, 2016 at 5:38 PM, Alissa Cooper <alissa@cooperw.in> wrote: > Alissa Cooper has entered the following ballot position for > draft-ietf-nfsv4-rfc3530-migration-update-07: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-nfsv4-rfc3530-migration-update/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Per my comment below, it seems like there are some fairly significant > privacy considerations related to the choice of how the client id is > constructed. I think these need to be described in the document so > implementors are aware of them. (And my bad for not noticing this before > the publication of RFC 7530, since they would have applied there as > well.) > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > My comments are about the example given in Section 4.9. > > I understand from 4.2 that the requirements for the construction of the > client id are: > > 1) It should be unique per client. > 2) It should persist through reboots. > > As best I can tell, embedding the client's IP address in the client id is > not a requirement (but I admit to not fully understanding NFS!). So why > is it suggested that the client's network address be embedded in the > client id? > > There are also a few privacy-related issues with the example: > > - Some clients will change their IP addresses over time to avoid being > tracked. By suggesting that some prior address be used in the client id, > there is an implied requirement on the client to maintain a history of > previously used addresses, which could be exploited for tracking > purposes. > > - Permanent device identifiers (such as a serial numbers) should not be > embedded in a client id on the wire, again to avoid facilitating tracking > by any other party that knows the serial number. > > It seems to me that to avoid all of the issues above, perhaps a better > example to provide would be hash(some client secret, some source of > uniqueness, server identity). That gives the client id a good chance of > being unique without exposing other identifiers related to the client. > And then if the existing guidance about saving and re-using the value is > followed, it won't be necessary to try to shoehorn in an old IP address > or persistent device identifiers when the clientid needs to be > regenerated. > > >
- [nfsv4] Alissa Cooper's Discuss on draft-ietf-nfs… Alissa Cooper
- Re: [nfsv4] Alissa Cooper's Discuss on draft-ietf… David Noveck
- Re: [nfsv4] Alissa Cooper's Discuss on draft-ietf… Spencer Dawkins at IETF