IETF Logo Mail Archive

Re: [nfsv4] Comments on minutes of wg meeting at IETF114

Trond Myklebust <trondmy@gmail.com> Sun, 02 October 2022 15:01 UTC

Return-Path: <trondmy@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3ED71C14F741 for <nfsv4@ietfa.amsl.com>; Sun, 2 Oct 2022 08:01:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XkACnl_9Uvin for <nfsv4@ietfa.amsl.com>; Sun, 2 Oct 2022 08:01:04 -0700 (PDT)
Received: from mail-oa1-x2a.google.com (mail-oa1-x2a.google.com [IPv6:2001:4860:4864:20::2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EAA5C14F6EB for <nfsv4@ietf.org>; Sun, 2 Oct 2022 08:01:04 -0700 (PDT)
Received: by mail-oa1-x2a.google.com with SMTP id 586e51a60fabf-131ea99262dso8254615fac.9 for <nfsv4@ietf.org>; Sun, 02 Oct 2022 08:01:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=kgdwM4wfDEcDXxPNECxsK8llDNuh0KYPlMm8GMR5KiA=; b=n5KylYExto90dKfKsDZGaxC0hnjLwSKYH7pXCr1hNsvaii7Xwsy+aafKVGCto46Maj 2q+81ERbKNxzMIUmm/TpOABmozIGWtrisdA6MkSWe5e9of+I3WgVO6SjZflJcYiW08+x Lb7ORetBTGrN1pSlgo/+g6i2rGH0VY8VQl6HPbQJpF2bpP/KgDDug7+PH0Q9egBSUvQM bn+4Hg7T1jDD+Cvl7P+OQ4y3nMr6bGHibNjMYgrSYuJYCqf4TssqaUDgc5LgdYI6798J 9EsN9u70N0eKp5dUy8AbAzvU8WXSwppHLig7Dkx/1wdMLD7dnCwcFkMEG9KGOarY67xw RofA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=kgdwM4wfDEcDXxPNECxsK8llDNuh0KYPlMm8GMR5KiA=; b=x0QgXIysRDrsL09jF2fl9Pi9E52Y0N+aa6pcH5ejVyjvv2LQRwf6iiU/93zLkHcsHm 5VsU21Bz7Xof7rVKNN+tXxr8j6jAU0hbw4sidKzQGWPJxc8cbUrPWV4vvz/pUd4azIzx EtmAs3aw2TJbuEEEtm8mVm50g6wtdL3Lt6R/PR9b0OZYByXdWyBSWLj1K9OJYxnRxWxb J4OjsXRGpwp9bttV8JIoGHQSU9SE95RRXC/oJAd/N+QgYe8sUxRo6pipQMVZnJsr5W5y Ig6c5NKUSUcDvqbphocvq6m/not23HT0zYBNYVOPUr96kAt+vFNBl90YdJuSkYFs8ziQ gC8w==
X-Gm-Message-State: ACrzQf1DlUbS9E4b1/mWLhm1zpSNZF1dbgAOoI+yTn1qKYW3ciQVsMrA EiEeo3bj7RrnXlGX3/R9UCj3+b3DOMvI/0fqq0vF56e+2Q==
X-Google-Smtp-Source: AMsMyM4HvUY/7JQyKp7cTIIOCluksHafR7U6A4pTzl1AC9qKkPfCrvGddQCpj4iHQnMEOTLNa2r5woz8TBmjP6/w81I=
X-Received: by 2002:a05:6870:b14f:b0:127:d4f1:6a90 with SMTP id a15-20020a056870b14f00b00127d4f16a90mr3401901oal.116.1664722863548; Sun, 02 Oct 2022 08:01:03 -0700 (PDT)
MIME-Version: 1.0
References: <CADaq8jd4+FPhH0m5AuBgop_xJiYMjrRKva8mX0A-gioW_8b+5A@mail.gmail.com> <2CCC6B48-118F-48C3-A764-1380BAB72066@oracle.com> <CADaq8jeoyLbC_cFd8FwSzuSGFZAi9r3UsTGAxx5KykW+-99Jmg@mail.gmail.com> <606B4B27-0DC1-4215-987F-D97A37C4C278@oracle.com>
In-Reply-To: <606B4B27-0DC1-4215-987F-D97A37C4C278@oracle.com>
From: Trond Myklebust <trondmy@gmail.com>
Date: Sun, 02 Oct 2022 11:00:52 -0400
Message-ID: <CAABAsM7qhJwe5rw=7VpvJc22=h2gNktXOcarF0iOVv+YnarRHw@mail.gmail.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ee6f0e05ea0e7ef3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/xCXqprzwqkBCxGWULLQY0DPq4qY>
Subject: Re: [nfsv4] Comments on minutes of wg meeting at IETF114
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Oct 2022 15:01:10 -0000

On Tue, Sep 13, 2022 at 12:38 PM Chuck Lever III <chuck.lever@oracle.com>
wrote:

>
>
> On Sep 13, 2022, at 5:29 AM, David Noveck <davenoveck@gmail.com> wrote:
>
> On Mon, Sep 12, 2022, 12:25 PM Chuck Lever III <chuck.lever@oracle.com>
> wrote:
>
>
>> The conclusion of this discussion was to let the RDMA and ULB documents
>> expire and remove the charter milestone.
>>
>
> Regardless of that, we would have to ascertain consensus to do that.
> Decisions at working group meetings always have to be confirmed on the wg
> mailing list.
>
>
> Fwiw, the co-chair and area director in the room at the time did not state
> that requirement. The co-chair stated that the charter change was implied
> by the decision to allow the documents to expire, so I assumed that meant
> that no further bureaucratic actions were necessary.
>
>
> That should have been done a month ago, but we might as well have that
> discussion now.
>
>
>> A version 2 of RPC/RDMA is not in demand by any customer.
>>
>
> Fair enough.  It is a shame we have an RDMA approach so inferior to SMB.
> Sigh!
>
> >  I feel it’s time to let it rest,
>
> If you don't want to push this to a conclusion, then we have to live with
> what we have.
>
>
> It's not a matter of not wanting to push this to conclusion. It is simply
> not possible for me to finish this by myself: proper protocol development
> requires two independent implementations.
>
> After Linux, where is the second implementation? (Answer: there isn't one)
>
> Who is bringing RPC/RDMA v2 implementations to our testing events?
> (Answer: no one)
>
> Which vendors truly want to bring a second implementation of RPC/RDMA to
> market? (Answer: I have yet to hear of one that has the resources to do
> this)
>
> What customers are demanding it? (Answer: I have yet to hear of any; the
> demand has come exclusively from complaints made by protocol architects)
>
> Improving security for MPA/RDMAP is an approach that lifts all boats. What
> few resources the WG has is better spent on that instead of RPC/RDMA v2.
>
>
> > Unless or until there are sufficient resources to attack the addition of
> transport-layer security to MPA/RDMAP.
>
> That sounds to me too much like "We'll do it when we get around to it."
>
>
> You can spin it any way you like, but that's always the way it's been.
> When we have the energy and enthusiasm for an idea, it will get done
> somehow. We have more enthusiasm for what is essentially iWARP on QUIC than
> for RPC/RDMA v2.
>
>
> Because of the importance of security, we cannot simply wait for such
> resources to drop into our laps.
>
>
> It's not clear what motivated this remark, but no-one has suggested that
> we ignore the security requirements of RPC/RDMA.
>
>
> Chuck has informed me that a wg decision was made to abandon this document
>> but that does nĺ⁰ot appear in the minutes.
>>
>>
> I'm perplexed by this and expect to remain so even if a 3-D 4K-resolution
> video were discovered.
>
> Given that this was an individual draft, the decision was not a wg
> decision and does not have to be confirmed on the list.
>
> Instead, it is Chuck's decision to make but I'd like to understand why he
> made it.
>
> Let me give people some background.  Chuck objected to the treatment of
> SECINFO in some earlier security-0x draft.  He thought it was to
> complicated so we agreed that he would publish his approach, as he did in
> rpc- tls-pseudoflavors and I  would refer to that in the next security
> draft.
>
> Now it appears that Chuck has changed his mind and I'd appreciate knowing
> why <http://why.ch/>.
>
>
> Rick told me he is not going to implement it. Trond stated that the
> proposed mechanism is a hack, which I take to mean he will not accept it in
> the Linux client.
>
>
 Chuck recently reminded me that I haven't commented publicly on this
draft. I did explain my reasoning in an email to him a while back, so let
me just quote that:

First of all, it is mixing the concept of a transport and authentication.
While TLS can provide authentication of the client to the server, the only
thing that should matter conceptually to the SECINFO operation and its ilk
is that there is some form of trusted channel that is able to underpin the
otherwise weakly authenticated RPC operations. How that channel is created,
whether it is by TLS, QUIC, or even krb5i / krb5p using the machine
principal, …. should be irrelevant to the NFS client.

Secondly, we always send a NULL ping on connecting to the server anyway. If
we’re going to negotiate TLS, then why shouldn’t we just use that NULL ping
to immediately deduce whether or not TLS is supported? As long as the
server replies with something (error or not) then we know that the
connection to the server is good.

Thirdly, there is the fact that you’re learning this information after
connecting. So what is the point? If you are already connected via TLS,
then the information that TLS is supported is known. If you connected
without TLS, then how can you trust the reply? This is the whole
bootstrapping problem that causes us to prefer to always try krb5i first
for SETCLIENTID/EXCHANGE_ID if we have access to it, even if the NFS mount
has specified sec=sys.

Thanks!
  Trond

v2.23.0 | Report a Bug | By Email