Re: [nfsv4] testing of RPC over TLS
grarpamp <grarpamp@gmail.com> Fri, 27 November 2020 11:02 UTC
Return-Path: <grarpamp@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E1913A07F7 for <nfsv4@ietfa.amsl.com>; Fri, 27 Nov 2020 03:02:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ovZU_1ufsjwj for <nfsv4@ietfa.amsl.com>; Fri, 27 Nov 2020 03:02:16 -0800 (PST)
Received: from mail-ej1-x641.google.com (mail-ej1-x641.google.com [IPv6:2a00:1450:4864:20::641]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8150E3A07F5 for <nfsv4@ietf.org>; Fri, 27 Nov 2020 03:02:16 -0800 (PST)
Received: by mail-ej1-x641.google.com with SMTP id m19so1322820ejl.11 for <nfsv4@ietf.org>; Fri, 27 Nov 2020 03:02:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=D/nYPU5w6nUw0yR3htmBSrOSLcLKWmaSCTm+A/C6QCE=; b=qIMlzAiMzxaJjyZlhq3/k2gzN0FTs0Fv7OGc7yFxo+uu3w+uUl9WS8k7SpLJhPn5hP OfAbFWMU3W64HpuGxTO37rPyEdDlrD+94IQboCyZzzuvDpumqSG5io1sfJl59tUamtnx G7dxRn7MiPcAcCgKNsBla5zeziMAqfTU3855MqmO2eb8Y5ZiplFMTQ7Ry1ydwUFnTp1S rmdprdr+ZqJaEcD7OufirLMGs+bb+R/1ezPr9SeIT1mqTCvfvpeHxkAHPP7tE78CMQ+r m2FXfenz2c6zGr6LbwSFk63pVePKIUu7IlOSksLgERTc+0eaZhAoZOZiVgq5bMy+AwLg QH2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=D/nYPU5w6nUw0yR3htmBSrOSLcLKWmaSCTm+A/C6QCE=; b=NUqX6f4ANI1uefSfqm0OMYzwV09fswDB79cPUSSJlHWdOsbm0KBmNF7idiXkiIf1T0 vaBLgHq8JO5Gw6PL5Mrum5RGQ4xP/rotLLQ2tuWLjHFX6WtCQDzSU9s9P4WjOiUjTwmp PvpmPrwUVYEXb7KepfSKZZyXz983n4XQUFhhv2LYYTHBRwlnn3nE1KkKWOjsAFge0T6M YPEvUdhI5OjW2zIB47Z8llhqY9N/MverRJsxly4YqEL6bo6802UhPWx3p0mA/6ATp66F UQeDZ6krDqwXHmGtKp4ktQZ4QQFWfk2ezozfGILchEdRUrpBtQpzA0bH9W8Cyzlm+Nxv H6aQ==
X-Gm-Message-State: AOAM530HFaDleg1r+FuuqMCkBHBZw5EsMJqwEsEyuj/tfz0qa8txWU0k ikPXcLq6VQs1eAspzIxeTIeDuyWgP93JWI42torFvd+GpOCWKQ==
X-Google-Smtp-Source: ABdhPJwYb5FQo1KHfU7lplJgpxQly4RkPgSmpC6xsrsdUhyHXr/mKsV1n0W0m89xsPSZ5JisI2e1JDJB0iXfXjK4zc4=
X-Received: by 2002:a17:906:c83b:: with SMTP id dd27mr4764651ejb.356.1606474934683; Fri, 27 Nov 2020 03:02:14 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a50:344f:0:0:0:0:0 with HTTP; Fri, 27 Nov 2020 03:02:13 -0800 (PST)
In-Reply-To: <20201127060959.GK34187@kduck.mit.edu>
References: <CAD2Ti2-8Kh+_XNBoPM6uCZXErohfkPdsGWauqviccMDURog6GA@mail.gmail.com> <20201127060959.GK34187@kduck.mit.edu>
From: grarpamp <grarpamp@gmail.com>
Date: Fri, 27 Nov 2020 06:02:13 -0500
Message-ID: <CAD2Ti2_N+DytVL0ObEMms0vRd5fG5MRTqjDWQYEqgTq4g7ArKQ@mail.gmail.com>
To: nfsv4@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/yIHRvwmlQidzo_iiFlTqs1lDHq4>
Subject: Re: [nfsv4] testing of RPC over TLS
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Nov 2020 11:02:18 -0000
On 11/27/20, Benjamin Kaduk <kaduk@mit.edu> wrote: >> > https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt >> >> How do users and administrators pin down the >> public key fingerprint of the NFS server's TLS certificate >> so that the hash is checked and thus a MITM >> attack is prevented? > only vocal proponent of this Often NFS users and admins... Are in and from nice private LAN environments, not public services. Aren't necessarily oriented to other nasty threat models. Come from legacy schools of thought that still incorrectly believe "CA" validation is all that's needed to neuter MITM. That's of course not universal, but "only" is relative, and in no way invalidates the considerations for pinning. If something speaks TLS, it needs to have pubkey pinning options. If RFC compliant implementations must do some certain things re TLS, then RFC can also say that... "5.2.3 Fingerprint pinning Implementations must offer options to configure pinning of the TLS certificate pubkey fingerprint hash". Some simple sentence like that is all that's needed. Then all the implementations, such as FreeBSD's, will have the option, users can read their manuals and use it as desired or not. If not put in the RFC, then some better implementions will have them, other lesser ones won't, the space for nfsv4 interop will thus be fragmented, users who want to use pinning will be constrained to certain OS's, comparisons made, etc. FreeBSD has a good degree of security consciousness, so it would be great and not surprising for them to offer pubkey pinning for their users and admins from the start. Sections 4 and 5 already require lots of things re TLS... so there is no reason it cannot also require the *options* to configure pubkey and CA pinning... further info on those can be included in references and appendix (while indeed at same time progressing more formal material in IETF or elsewhere). 5.2.3 Fingerprint Pinning [opts required] 5.2.3.1 Pubkey Hash [defn refs] 5.2.3.2 Certificate Hash [defn refs] " 5.2. TLS Peer Authentication TLS can perform peer authentication using any of the following mechanisms. 5.2.1. X.509 Certificates Using PKIX Trust RPC-over- TLS implementations are REQUIRED to support the PKIX mechanism described in [RFC5280]. " > "PKI vs. Pinning" section of > https://datatracker.ietf.org/doc/minutes-108-saag/ The above sentence also rightly avoids such TLS debates... - "scale" - "decisions about which rogue / forced / compromised CA's to 'trust'" - what "AV" "Google" companies think - namespaces, grand pie sky schemes - whether or not anyone thinks users need pinning or not - etc Pinning to the CA is not the sole and universal option for all users. For one, CA / Let's Encrypt sigs expire, such expiry is meaningless, the rotation causes excess "scale" maintenance under cert level pins, CA $igs often don't mean anything to real security contexts... and it has already been noted that any privkey compromise will result in the pubkey hash changing anyway, so CA is either moot or secondary to that pubkey fundamental. Pinning the pubkey "end entity cert" is the underlying simple method to avoid any concerning about CA. Users TLS environments, needs, models, validations... are different from debaters... instead stick to how to get the option into all implementations. But to not even mention pinning in RFC, to have removed it, not even having as 5.2.2's "optional option", or more fully detailed in Section 7 security considerations... seems potentially a bit irresponsible, particularly now that other TLS client-server applications are making some more mention and implement of it. https://tools.ietf.org/html/draft-ietf-nfsv4-rpc-tls " In 2014 the IETF published a document entitled "Pervasive Monitoring Is an Attack" [RFC7258], which recognized that unauthorized observation of network traffic had become widespread and was a subversive threat to all who make use of the Internet at large. It strongly recommended that newly defined Internet protocols should make a genuine effort to mitigate monitoring attacks. " " A classic form of attack on network protocols that initiate an association in plain-text to discover support for TLS is a man-in- the-middle " > watch the recording and read the associated email thread https://mailarchive.ietf.org/ IETF has configured CloudFlare (which btw is in fact a MITM, for which too few have contemplated that problem) to block users of VPN and other overlay services who would otherwise be quite happy to watch or read such things at that URL. Didn't see a video link in the minutes link. Best regards.
- [nfsv4] testing of RPC over TLS Rick Macklem
- Re: [nfsv4] testing of RPC over TLS grarpamp
- Re: [nfsv4] testing of RPC over TLS Benjamin Kaduk
- Re: [nfsv4] testing of RPC over TLS grarpamp
- Re: [nfsv4] testing of RPC over TLS David Noveck
- Re: [nfsv4] testing of RPC over TLS grarpamp