Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
"Mkrtchyan, Tigran" <tigran.mkrtchyan@desy.de> Tue, 20 November 2018 20:27 UTC
Return-Path: <tigran.mkrtchyan@desy.de>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78AF9130DD0 for <nfsv4@ietfa.amsl.com>; Tue, 20 Nov 2018 12:27:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HK_RANDOM_ENVFROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=desy.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1oTRREPXp9q for <nfsv4@ietfa.amsl.com>; Tue, 20 Nov 2018 12:27:17 -0800 (PST)
Received: from smtp-o-3.desy.de (smtp-o-3.desy.de [IPv6:2001:638:700:1038::1:9c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9211A130DCC for <nfsv4@ietf.org>; Tue, 20 Nov 2018 12:27:17 -0800 (PST)
Received: from smtp-buf-2.desy.de (smtp-buf-2.desy.de [IPv6:2001:638:700:1038::1:a5]) by smtp-o-3.desy.de (DESY-O-3) with ESMTP id 2D7A428090A for <nfsv4@ietf.org>; Tue, 20 Nov 2018 21:27:15 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp-o-3.desy.de 2D7A428090A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=desy.de; s=default; t=1542745635; bh=lSobASxqueyNA+2iUmmUWzhkfJVRY4rlxmu/tB7gDM4=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=myfy/OdhAoqxF4m244o8q+QlnnqV7teLMPXWIC5m7dMo3RCgQ6N1g9CfyPHIwwY7c Lk/ffiXiXJyqYuMCPMgBF7SzaUlp4CDx0NNRTYGG61RNuLhUPYtMpqdXYfyWF2VGxm 0tgywlKFzNWOXAlpeF+JAr9vYiyjHWJtMKp8G07g=
Received: from smtp-m-2.desy.de (smtp-m-2.desy.de [131.169.56.130]) by smtp-buf-2.desy.de (Postfix) with ESMTP id 26FBC1A0082; Tue, 20 Nov 2018 21:27:15 +0100 (CET)
X-Virus-Scanned: amavisd-new at desy.de
Received: from z-mbx-2.desy.de (z-mbx-2.desy.de [131.169.55.140]) by smtp-intra-1.desy.de (DESY-INTRA-1) with ESMTP id EC2F63E901; Tue, 20 Nov 2018 21:27:14 +0100 (MET)
Date: Tue, 20 Nov 2018 21:27:14 +0100
From: "Mkrtchyan, Tigran" <tigran.mkrtchyan@desy.de>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Message-ID: <915476631.107275.1542745634870.JavaMail.zimbra@desy.de>
In-Reply-To: <50A96C3A-DBA4-4A6C-B883-664E59E24534@oracle.com>
References: <154264272736.5235.8955444239583271708.idtracker@ietfa.amsl.com> <50A96C3A-DBA4-4A6C-B883-664E59E24534@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Zimbra 8.8.10_GA_3713 (ZimbraWebClient - FF63 (Linux)/8.8.10_GA_3041)
Thread-Topic: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
Thread-Index: JwUGFEawdZJrLgCvo1vXyzi8rO2JIQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/zyLWKiBFDxOmwCRf_KyUB2RP5iM>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 20:27:20 -0000
Hi Chuck et al., Thanks for pushing this forward! One of the option that I would consider is an implicit TLS support on a different port number without RPC NULL call handshake. Such functionality will allow to simplify server implementation, where security information have to be pushed down to server's internals to validate desired security flavor, a-la sec=tls. In your proposal, after STARTTLS client changes auth flavor to AUTH_SYS and sych validation will required more internal changes to existing implementations. In addition, with the help of stunnel, as was suggested in the this activity triggering article, old clients will be able to talk `implicit TLS` servers (and wise versa). Regards, Tigran. ----- Original Message ----- > From: "Chuck Lever" <chuck.lever@oracle.com> > To: "NFSv4" <nfsv4@ietf.org> > Sent: Monday, November 19, 2018 4:55:41 PM > Subject: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt > Hi- > >> Begin forwarded message: >> >> From: internet-drafts@ietf.org >> Subject: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt >> Date: November 19, 2018 at 10:52:07 AM EST >> To: "Trond Myklebust" <trond.myklebust@hammerspace.com>, "Charles Lever" >> <chuck.lever@oracle.com>, "Chuck Lever" <chuck.lever@oracle.com> >> >> >> A new version of I-D, draft-cel-nfsv4-rpc-tls-01.txt >> has been successfully submitted by Charles Lever and posted to the >> IETF repository. >> >> Name: draft-cel-nfsv4-rpc-tls >> Revision: 01 >> Title: Remote Procedure Call Encryption By Default >> Document date: 2018-11-19 >> Group: Individual Submission >> Pages: 9 >> URL: >> https://www.ietf.org/internet-drafts/draft-cel-nfsv4-rpc-tls-01.txt >> Status: https://datatracker.ietf.org/doc/draft-cel-nfsv4-rpc-tls/ >> Htmlized: https://tools.ietf.org/html/draft-cel-nfsv4-rpc-tls-01 >> Htmlized: https://datatracker.ietf.org/doc/html/draft-cel-nfsv4-rpc-tls >> Diff: https://www.ietf.org/rfcdiff?url2=draft-cel-nfsv4-rpc-tls-01 >> >> Abstract: >> This document describes a mechanism that enables encryption of in- >> transit Remote Procedure Call (RPC) transactions with little >> administrative overhead and full interoperation with RPC >> implementations that do not support this mechanism. This document >> updates RFC 5531. >> >> >> >> >> Please note that it may take a couple of minutes from the time of submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> The IETF Secretariat > > Minor changes in revision 01: > - Correct a legal issue reported by idnits > - Clarify terminology throughout document > - Add editor's note in Section 4.3 "Authentication" > - Wordsmithing throughout > > > The immediate question I have is whether members of WG feel this > topic and document are important enough to promote rpc-tls-01 to > Working Group document status. If yes, I can submit the next > revision as draft-ietf-nfsv4-rpc-tls-00. > > > -- > Chuck Lever > > > > _______________________________________________ > nfsv4 mailing list > nfsv4@ietf.org > https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] Fwd: New Version Notification for draft-c… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… Rob Thurlow
- Re: [nfsv4] Fwd: New Version Notification for dra… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… McDonald, Alex
- Re: [nfsv4] Fwd: New Version Notification for dra… Chuck Lever
- Re: [nfsv4] Fwd: New Version Notification for dra… Tom Talpey
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… David Noveck
- Re: [nfsv4] Fwd: New Version Notification for dra… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… David Noveck
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Lars Eggert
- Re: [nfsv4] New Version Notification for draft-ce… Lars Eggert
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Benjamin Kaduk
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Trond Myklebust
- Re: [nfsv4] New Version Notification for draft-ce… Trond Myklebust
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Olga Kornievskaia
- Re: [nfsv4] New Version Notification for draft-ce… Tom Talpey
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran
- Re: [nfsv4] New Version Notification for draft-ce… Chuck Lever
- Re: [nfsv4] New Version Notification for draft-ce… Benjamin Kaduk
- Re: [nfsv4] New Version Notification for draft-ce… Mkrtchyan, Tigran