IETF Logo Mail Archive

Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-06.txt

David Noveck <davenoveck@gmail.com> Mon, 23 September 2019 18:22 UTC

Return-Path: <davenoveck@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C82A1120992 for <nfsv4@ietfa.amsl.com>; Mon, 23 Sep 2019 11:22:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 97f8mgaYIIk8 for <nfsv4@ietfa.amsl.com>; Mon, 23 Sep 2019 11:22:34 -0700 (PDT)
Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B9B9120982 for <nfsv4@ietf.org>; Mon, 23 Sep 2019 11:22:34 -0700 (PDT)
Received: by mail-ot1-x332.google.com with SMTP id o44so4541445ota.10 for <nfsv4@ietf.org>; Mon, 23 Sep 2019 11:22:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F2e0nNltiz9reKTgPNmeujWHZXEac8JZRtlhNi9b9kM=; b=sO3/7AhLk5CM3Y0Nba2jrNVlupfPR3q6kmZHApSCgKgO7tfpzMLWWdXC0/Z3tfP3aw bH8bukb80ybuZOeQmme5IGhOfgrI0AGCBXyf9znBADL7j/lZyEXzRS4Iy8O073bLsD2d 5CL+oaUWvcuFoIr0pucrtllEAxLlw+vnut29c0tNPTns9Y+3wyvRAs1ymaeFiQpUVA9o WBkGCpzWW13S2YqZ41O+kYYjiegykKhkzUkjrcSBJR7QJbmgnyMQNX7VNiY2NFjfgvYI hmA4lV/FIZtLhnMT+N5/CIDOdjDpD5bUbYY9A0hvTcSK+4aiqhIJ3/jobKBL27hU//d+ UP4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F2e0nNltiz9reKTgPNmeujWHZXEac8JZRtlhNi9b9kM=; b=jVmYeVKnvGTAl6Lbt0S5/NktkwVEhqDkLDHsqGa+r+jO1sNWVaEhS4V9eAyu6JS877 hvJ4mbZdi/6QJuVgawcgDOV3OSswUaHLPNZvjOsAZeQpyD8mxqH05t8CRceNRhlS0EOp +42rSNkIIiyXodGA+dNz/LYa7WSzVWQXdztqTp4vRhvQhPTKr7c/V1sEnUNuClpkmyrP GFG6D5mjJI7AuG2uwkD7SXz1VRd3Wz6c24DvLabwbgpnTpqJBEmwm9HTc5Mmui/3oRF4 w+qbNDyhwl1XuXrDXidNlxAYP7d05q6aeARVhG6YqKVAsP2g66QYgM9hQ9qmaMwew+B4 Cs1g==
X-Gm-Message-State: APjAAAUuwG+a5y5sPh/o/ckxEPIDHbI1UN2cwWi8Ed9m49XH14AvlxJL fAiTNKKJgK4aSkAJ3A/jJ62b4T+ZbvJ43JRw4lg=
X-Google-Smtp-Source: APXvYqyPlLUibF+/OX7XVH55p5NLdT3ghVkQjxC3JZxrYgwjDwoXARmlvstGDS7tthkFnc2cMI7BByAGdBxJZg9y4iw=
X-Received: by 2002:a9d:6404:: with SMTP id h4mr979877otl.294.1569262953779; Mon, 23 Sep 2019 11:22:33 -0700 (PDT)
MIME-Version: 1.0
References: <156919386717.1348.4052993311401417839@ietfa.amsl.com> <9BFB101A-F1E8-45C8-A85E-74DB434CE658@oracle.com> <CADaq8jdS+MUgV6kQ7hGH8vh47Akejc4N0djHerU5VFKGRW6oSw@mail.gmail.com> <A455DB96-4C40-491C-A0EB-A602FE64766F@oracle.com> <CADaq8jfBCoJ=dx5uGGJZhdH7x3Ca3HWEPsi19KVPJW9dKok4Yw@mail.gmail.com> <A24D851A-8210-4CEB-A6B9-960347EE420E@oracle.com>
In-Reply-To: <A24D851A-8210-4CEB-A6B9-960347EE420E@oracle.com>
From: David Noveck <davenoveck@gmail.com>
Date: Mon, 23 Sep 2019 14:22:22 -0400
Message-ID: <CADaq8jf6NB0m55KP_5hUCF74m06h1bUEPsCdfcLhp5oK1nPJmA@mail.gmail.com>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000eb553205933c80d4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/yBeC3wAG_3a6K0LK2em_1j-oD_s>
Subject: Re: [nfsv4] I-D Action: draft-ietf-nfsv4-integrity-measurement-06.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2019 18:22:50 -0000

> Help me understand exactly why the current section is lacking.

i promised to send you a review and i will.

> I don't see why the exact authorization mechanism must be specified in
this document,

I'm not saying i need the ezact authentication mechanism, but the current
document
is light-years or megaparsecs) away from that.  this may not be the
intention but right
now the document essentially gives the server to accept or jects request
without constraint.

> since:

> a. it doesn't matter for interoperability

It does.   To be interoperable you have to interoperate, i.e issue a valid
request and
have the required operation performed.   That ability is compromised if the
server can reject it for any reason it chooses.
> b. the mechanism used for updating IMA metadata on
   local files on Linux (the CAP_SYS_ADMIN capability)
   does not exist in NFS; moreover capabilities are
   not defined in a standard

I don't understand the relevance of that.

> c. authorization is done by policy in other arenas
   (for example, the IP-based access control that is
   implemented by most current NFS servers), thus it
   should be sufficient here too

Yes it exists and a document you are writing explains what is
wrong with that.   i don't want us to create a similar mess here
if we can avoid it.    In summary, it is clearly not sufficient
there, although it unfortunately exists.

> even though it should strive to be as helpfu as it can.   Also, it
appears that the Linux community cannot make its own mind about how to
address this issue so perhaps some intra-community compromise is in order.

> See above. It's really not a simple matter of the community shrugging and
punting.

I'm not sure what it is but i note there are at least four different
approahes specified in the document and that somenody would have to
compromise to reduce that number.


> If that isn't forthcoming, our only option might to approve this as an
experimental/informational  RFC and upgrade it when the Linux community
gets its act together.

>That's a bit unfair. See above: there is a complete mismatch between how
> it works on local file systems and what mechanisms are available with NFS.
> IMO we are in a position to enable both "close enough" server
implementations
> and for server implementers to exercise some innovation.

Maybe we are, but I don't see much effort in that direction in the current
document.

> Anticipating the IESG's reaction to this text is probably not going to be
> possible or helpful. I'd rather hear their complaints from them.

Agrre.  If this gets through WGLC and IETF last call, then you can hear
their
complaints first-hand.

>Let's focus
> on the WG's concerns first.

As I said, I'll be sending my review comments pretty soon.

On Mon, Sep 23, 2019 at 1:48 PM Chuck Lever <chuck.lever@oracle.com> wrote:

>
>
> > On Sep 23, 2019, at 10:19 AM, David Noveck <davenoveck@gmail.com> wrote:
> >
> > > The guidance in that section falls into the realm of "compromise
> between the Linux community and the > specification writer"
> >
> > I gaathered that, but it should not be assumed that the woring group is
> prepared for the same level of compromise,
>
> Help me understand exactly why the current section is lacking. I don't see
> why the exact authorization mechanism must be specified in this document,
> since:
>
> a. it doesn't matter for interoperability
> b. the mechanism used for updating IMA metadata on
>    local files on Linux (the CAP_SYS_ADMIN capability)
>    does not exist in NFS; moreover capabilities are
>    not defined in a standard
> c. authorization is done by policy in other arenas
>    (for example, the IP-based access control that is
>    implemented by most current NFS servers), thus it
>    should be sufficient here too
>
>
> > even though it should strive to be as helpfu as it can.   Also, it
> appears that the Linux community cannot make its own mind about how to
> address this issue so perhaps some intra-community compromise is in order.
>
> See above. It's really not a simple matter of the community shrugging and
> punting.
>
>
> > If that isn't forthcoming, our only option might to approve this as an
> experimental/informational  RFC and upgrade it when the Linux community
> gets its act together.
>
> That's a bit unfair. See above: there is a complete mismatch between how
> it works on local file systems and what mechanisms are available with NFS.
> IMO we are in a position to enable both "close enough" server
> implementations
> and for server implementers to exercise some innovation.
>
> Anticipating the IESG's reaction to this text is probably not going to be
> possible or helpful. I'd rather hear their complaints from them. Let's
> focus
> on the WG's concerns first.
>
>
> > On Mon, Sep 23, 2019 at 12:28 PM Chuck Lever <chuck.lever@oracle.com>
> wrote:
> > Context: The guidance in that section falls into the realm of
> "compromise between the Linux community and the specification writer".
> >
> >
> > > On Sep 23, 2019, at 8:23 AM, David Noveck <davenoveck@gmail.com>
> wrote:
> > >
> > > > It's probably ready for (it's first) WGLC. :-)
> > >
> > > I feel that the basic issue with section 4.3.2 has not been
> > > satisfactorily resolved.    I'll send out a mail with the details
> > > in the next few days.
> > >
> > >
> > >
> > > On Sun, Sep 22, 2019 at 7:15 PM Chuck Lever <chuck.lever@oracle.com>
> wrote:
> > >
> > >
> > > > On Sep 22, 2019, at 4:11 PM, internet-drafts@ietf.org wrote:
> > > >
> > > >
> > > > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> > > > This draft is a work item of the Network File System Version 4 WG of
> the IETF.
> > > >
> > > >        Title           : Integrity Measurement for Network File
> System version 4
> > > >        Author          : Charles Lever
> > > >       Filename        : draft-ietf-nfsv4-integrity-measurement-06.txt
> > > >       Pages           : 18
> > > >       Date            : 2019-09-22
> > > >
> > > > Abstract:
> > > >   This document specifies an OPTIONAL extension to NFS version 4
> minor
> > > >   version 2 that enables Linux Integrity Measurement Architecture
> > > >   metadata (IMA) to be conveyed between NFS version 4.2 servers and
> > > >   clients.  Integrity measurement authenticates the creator of a
> file's
> > > >   content and helps guarantee the content's integrity end-to-end from
> > > >   creation to use.
> > > >
> > > >
> > > > The IETF datatracker status page for this draft is:
> > > >
> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/
> > > >
> > > > There are also htmlized versions available at:
> > > >
> https://tools.ietf.org/html/draft-ietf-nfsv4-integrity-measurement-06
> > > >
> https://datatracker.ietf.org/doc/html/draft-ietf-nfsv4-integrity-measurement-06
> > > >
> > > > A diff from the previous version is available at:
> > > >
> https://www.ietf.org/rfcdiff?url2=draft-ietf-nfsv4-integrity-measurement-06
> > > >
> > > >
> > > > Please note that it may take a couple of minutes from the time of
> submission
> > > > until the htmlized version and diff are available at tools.ietf.org.
> > > >
> > > > Internet-Drafts are also available by anonymous FTP at:
> > > > ftp://ftp.ietf.org/internet-drafts/
> > >
> > > Fresh revision incorporates comments from IETF 105 and Linux
> > > Security Summit North America 2019.
> > >
> > > It's probably ready for (it's first) WGLC. :-) It's OK if the
> > > chair prefers to wait until we have more fully dealt with
> > > outstanding RFC 5661 errata.
> > >
> > >
> > > --
> > > Chuck Lever
> > >
> > >
> > >
> > > _______________________________________________
> > > nfsv4 mailing list
> > > nfsv4@ietf.org
> > > https://www.ietf.org/mailman/listinfo/nfsv4
> >
> > --
> > Chuck Lever
> >
> >
> >
> > _______________________________________________
> > nfsv4 mailing list
> > nfsv4@ietf.org
> > https://www.ietf.org/mailman/listinfo/nfsv4
>
> --
> Chuck Lever
>
>
>
>

v2.23.0 | Report a Bug | By Email