Re: [secdir] draft-ietf-nfsv4-rpcsec-gssv3-13

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 09 December 2015 22:51 UTC

Date: Wed, 09 Dec 2015 17:51:20 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: "secdir@ietf.org" <secdir@ietf.org>
In-Reply-To: <CABrd9SS-VoJnauz-T-P4w420VNqo6qt6vCfwb9JfsN7ZpZqnmQ@mail.gmail.com>
Message-ID: <alpine.GSO.1.10.1512091748180.26829@multics.mit.edu>
References: <CABrd9SS-VoJnauz-T-P4w420VNqo6qt6vCfwb9JfsN7ZpZqnmQ@mail.gmail.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/3sXs7T_9BSa5AUqjjXESFp2N66k>
Subject: Re: [secdir] draft-ietf-nfsv4-rpcsec-gssv3-13
Precedence: list

On Wed, 9 Dec 2015, Ben Laurie wrote:

> This is _NOT_ a proper review, and hence only to secdir.
>
> I've take a good look at this thing, and its a rather complicated addition
> to an already rather complicated protocol.
>
> I don't feel qualified to make a good assessment of it, I suggest you find
> someone more expert on the protocols to review.

To add to this, previous versions of this document included critical
security flaws.  The latest version has attempts to fix those flaws, but I
do not think anyone has done a proper security review since then.

(At the moment, it looks like I will not have enough free time to do a
re-review.)

-Ben

[secdir] draft-ietf-nfsv4-rpcsec-gssv3-13 Ben Laurie
Re: [secdir] draft-ietf-nfsv4-rpcsec-gssv3-13 Benjamin Kaduk