IETF Logo Mail Archive

Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt

"Mkrtchyan, Tigran" <tigran.mkrtchyan@desy.de> Tue, 20 November 2018 20:27 UTC

Return-Path: <tigran.mkrtchyan@desy.de>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78AF9130DD0 for <nfsv4@ietfa.amsl.com>; Tue, 20 Nov 2018 12:27:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HK_RANDOM_ENVFROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=desy.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i1oTRREPXp9q for <nfsv4@ietfa.amsl.com>; Tue, 20 Nov 2018 12:27:17 -0800 (PST)
Received: from smtp-o-3.desy.de (smtp-o-3.desy.de [IPv6:2001:638:700:1038::1:9c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9211A130DCC for <nfsv4@ietf.org>; Tue, 20 Nov 2018 12:27:17 -0800 (PST)
Received: from smtp-buf-2.desy.de (smtp-buf-2.desy.de [IPv6:2001:638:700:1038::1:a5]) by smtp-o-3.desy.de (DESY-O-3) with ESMTP id 2D7A428090A for <nfsv4@ietf.org>; Tue, 20 Nov 2018 21:27:15 +0100 (CET)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp-o-3.desy.de 2D7A428090A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=desy.de; s=default; t=1542745635; bh=lSobASxqueyNA+2iUmmUWzhkfJVRY4rlxmu/tB7gDM4=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=myfy/OdhAoqxF4m244o8q+QlnnqV7teLMPXWIC5m7dMo3RCgQ6N1g9CfyPHIwwY7c Lk/ffiXiXJyqYuMCPMgBF7SzaUlp4CDx0NNRTYGG61RNuLhUPYtMpqdXYfyWF2VGxm 0tgywlKFzNWOXAlpeF+JAr9vYiyjHWJtMKp8G07g=
Received: from smtp-m-2.desy.de (smtp-m-2.desy.de [131.169.56.130]) by smtp-buf-2.desy.de (Postfix) with ESMTP id 26FBC1A0082; Tue, 20 Nov 2018 21:27:15 +0100 (CET)
X-Virus-Scanned: amavisd-new at desy.de
Received: from z-mbx-2.desy.de (z-mbx-2.desy.de [131.169.55.140]) by smtp-intra-1.desy.de (DESY-INTRA-1) with ESMTP id EC2F63E901; Tue, 20 Nov 2018 21:27:14 +0100 (MET)
Date: Tue, 20 Nov 2018 21:27:14 +0100
From: "Mkrtchyan, Tigran" <tigran.mkrtchyan@desy.de>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: NFSv4 <nfsv4@ietf.org>
Message-ID: <915476631.107275.1542745634870.JavaMail.zimbra@desy.de>
In-Reply-To: <50A96C3A-DBA4-4A6C-B883-664E59E24534@oracle.com>
References: <154264272736.5235.8955444239583271708.idtracker@ietfa.amsl.com> <50A96C3A-DBA4-4A6C-B883-664E59E24534@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Zimbra 8.8.10_GA_3713 (ZimbraWebClient - FF63 (Linux)/8.8.10_GA_3041)
Thread-Topic: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
Thread-Index: JwUGFEawdZJrLgCvo1vXyzi8rO2JIQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/zyLWKiBFDxOmwCRf_KyUB2RP5iM>
Subject: Re: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 20:27:20 -0000

Hi Chuck et al.,

Thanks for pushing this forward!

One of the option that I would consider is an implicit TLS support on a
different port number without RPC NULL call handshake. Such
functionality will allow to simplify server implementation, where security
information have to be pushed down to server's internals to validate
desired security flavor, a-la sec=tls. In your proposal, after STARTTLS
client changes auth flavor to AUTH_SYS and sych validation will required
more internal changes to existing implementations. In addition, with the help
of stunnel, as was suggested in the this activity triggering article, old
clients will be able to talk `implicit TLS` servers (and wise versa).

Regards,
   Tigran.


----- Original Message -----
> From: "Chuck Lever" <chuck.lever@oracle.com>
> To: "NFSv4" <nfsv4@ietf.org>
> Sent: Monday, November 19, 2018 4:55:41 PM
> Subject: [nfsv4] Fwd: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt

> Hi-
> 
>> Begin forwarded message:
>> 
>> From: internet-drafts@ietf.org
>> Subject: New Version Notification for draft-cel-nfsv4-rpc-tls-01.txt
>> Date: November 19, 2018 at 10:52:07 AM EST
>> To: "Trond Myklebust" <trond.myklebust@hammerspace.com>, "Charles Lever"
>> <chuck.lever@oracle.com>, "Chuck Lever" <chuck.lever@oracle.com>
>> 
>> 
>> A new version of I-D, draft-cel-nfsv4-rpc-tls-01.txt
>> has been successfully submitted by Charles Lever and posted to the
>> IETF repository.
>> 
>> Name:		draft-cel-nfsv4-rpc-tls
>> Revision:	01
>> Title:		Remote Procedure Call Encryption By Default
>> Document date:	2018-11-19
>> Group:		Individual Submission
>> Pages:		9
>> URL:
>> https://www.ietf.org/internet-drafts/draft-cel-nfsv4-rpc-tls-01.txt
>> Status:         https://datatracker.ietf.org/doc/draft-cel-nfsv4-rpc-tls/
>> Htmlized:       https://tools.ietf.org/html/draft-cel-nfsv4-rpc-tls-01
>> Htmlized:       https://datatracker.ietf.org/doc/html/draft-cel-nfsv4-rpc-tls
>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-cel-nfsv4-rpc-tls-01
>> 
>> Abstract:
>>   This document describes a mechanism that enables encryption of in-
>>   transit Remote Procedure Call (RPC) transactions with little
>>   administrative overhead and full interoperation with RPC
>>   implementations that do not support this mechanism.  This document
>>   updates RFC 5531.
>> 
>> 
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> The IETF Secretariat
> 
> Minor changes in revision 01:
> - Correct a legal issue reported by idnits
> - Clarify terminology throughout document
> - Add editor's note in Section 4.3 "Authentication"
> - Wordsmithing throughout
> 
> 
> The immediate question I have is whether members of WG feel this
> topic and document are important enough to promote rpc-tls-01 to
> Working Group document status. If yes, I can submit the next
> revision as draft-ietf-nfsv4-rpc-tls-00.
> 
> 
> --
> Chuck Lever
> 
> 
> 
> _______________________________________________
> nfsv4 mailing list
> nfsv4@ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4

v2.23.0 | Report a Bug | By Email