Re: [nfsv4] Kathleen Moriarty's Discuss on draft-ietf-nfsv4-flex-files-15: (with DISCUSS)

Hi, Thomas,

On Jan 25, 2018 1:56 AM, "Thomas Haynes" <loghyr@gmail.com> wrote:

On Jan 24, 2018, at 8:58 PM, Spencer Dawkins at IETF <
spencerdawkins.ietf@gmail.com> wrote:

Cool.

On Jan 24, 2018 20:29, "Kathleen Moriarty" <kathleen.moriarty.ietf@gmail.com>
wrote:

Hi,

First off, I was less concerned about this point than the proposed
text discussed and other points. Having said that...

On Wed, Jan 24, 2018 at 6:47 PM, Spencer Dawkins at IETF
<spencerdawkins.ietf@gmail.com> wrote:
> Kathleen and EKR,
>
>
> On Jan 24, 2018 16:25, "Tom Haynes" <loghyr@gmail.com> wrote:
>
> I purposely did not update the document to avoid confusion during this
> process.
>
> There was an unanswered question in my last reply, namely concerning the
use
> of SHOULD versus MUST in the 3rd sentence below:
>
>    It is RECOMMENDED to implement common access control methods at the
>    storage device filesystem to allow only the metadata server root
>    (super user) access to the storage device, and to set the owner of
>    all directories holding data files to the root user.  This approach
>    provides a practical model to enforce access control and fence off
>    cooperative clients, but it can not protect against malicious
>    clients; hence it provides a level of security equivalent to
>    AUTH_SYS.  Communications between the metadata server and file server
>    SHOULD be secure from eavesdroppers and man-in-the-middle protocol
>    tampering.  The security measure could be due to physical security
>    (e.g., the servers are co-located in a physically secure area), from
>    encrypted communications, or some other technique.
>

I think rephrasing to RECOMMENDED would be good here.

Hi Kathleen,

I think you are proposing:

It is RECOMMENDED that the communication between the metadata server and
storage device be secure ….

So, Thomas, do you have any more questions I should be chasing?

Hi Spencer,

Yes, what is the difference between SHOULD and RECOMMENDED? It must be a
nuance I am missing...

>From RFC2119, I don’t see the difference.

3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.

BTW - the text above is from the proposed 16th copy of the draft. Once we
get past this issue,
I will submit it.

We will likely chat about this on today's telechat, but I read Kathleen's
response as "no, it doesn't have to be MUST".

The switch between SHOULD and RECOMMENDED was probably not significant. I
don't think there's a difference,  either.

Spencer

Thanks,
Tom

Spencer

Thank you,
Kathleen

>
>> On Jan 24, 2018, at 8:42 AM, Kathleen Moriarty
>> <Kathleen.Moriarty.ietf@gmail.com> wrote:
>>
>> Kathleen Moriarty has entered the following ballot position for
>> draft-ietf-nfsv4-flex-files-15: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-nfsv4-flex-files/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>> Thanks for your response to the SecDir review.  I see the proposed
changes
>> have
>> not been integrated yet.  This discuss will be resolved when the SecDir
>> review
>> changes have been included.
>>
>
> I purposely did not update the document to avoid confusion during this
> process.
>
> There was an unanswered question in my last reply, namely concerning the
use
> of SHOULD versus MUST in the 3rd sentence below:
>
>    It is RECOMMENDED to implement common access control methods at the
>    storage device filesystem to allow only the metadata server root
>    (super user) access to the storage device, and to set the owner of
>    all directories holding data files to the root user.  This approach
>    provides a practical model to enforce access control and fence off
>    cooperative clients, but it can not protect against malicious
>    clients; hence it provides a level of security equivalent to
>    AUTH_SYS.  Communications between the metadata server and file server
>    SHOULD be secure from eavesdroppers and man-in-the-middle protocol
>    tampering.  The security measure could be due to physical security
>    (e.g., the servers are co-located in a physically secure area), from
>    encrypted communications, or some other technique.
>
>
> Do you folks have any thoughts about whether "secure from eavesdroppers"
> ought to be SHOULD or MUST?
>
> IIUC, Thomas was reluctant to specify MUST ... and since we're saying that
> co-location in a secure area is one of the options, I'm not sure why this
> would be either SHOULD or MUST in the first place.
>
> Conformance test cases for that requirement would be a riot ... :-)
>
> Spencer
>
>> https://mailarchive.ietf.org/arch/msg/secdir/HKdT2KjnWJFmzEPxlGcNH0OnUDg
>>
>>
>>
>>
>> _______________________________________________
>> nfsv4 mailing list
>> nfsv4@ietf.org
>> https://www.ietf.org/mailman/listinfo/nfsv4
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>
>

--

Best regards,
Kathleen