[secdir] secdir review of draft-ietf-nfsv4-mv0-trunking-update-02

"Christopher Wood" <christopherwood07@gmail.com> Tue, 11 December 2018 14:16 UTC

From: Christopher Wood <christopherwood07@gmail.com>
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-nfsv4-mv0-trunking-update@ietf.org
Date: Tue, 11 Dec 2018 06:16:33 -0800
Message-ID: <F11DB63C-7052-4813-B781-B3396E944E4F@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/47UsMTRDPu68R8er6hN5aYZKdME>

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

The summary of my review is: Ready with nits.

This document is in great shape and very well written. Most of my 
comments are editorial in nature aimed at helping improve readability of 
the document. Please let me know if you’ve further questions, 
comments, or concerns.

- Section 3, fourth bullet: Regarding “[NFSv4.1] distinguishes two 
(see [RFC5661]),” would it be possible to provide the two types of 
trunking relationships inline? Although this document is meant to 
supplement existing work, I do think it would help improve readability 
and minimize cross-referencing.
- Section 5.1, fifth bullet: Rather than specify that addresses “MUST 
provide a way of connecting to a single server,” could we specify 
desired client behavior if this does not happen? I do not know how often 
such misconfigurations occur, though it seems prudent to provide 
guidance in case it does.
- Section 5.2, sixth bullet: It might be worth pointing to the amended 
Security Considerations section, which contains relevant text regarding 
DNSSEC validation for host name entries. I left a note here while 
reading only to discover it was addressed later on.
- Section 5.2.3: Are clients allowed to race connection attempts across 
all types available? The text implies that this must be done 
sequentially, which seems unnecessarily prohibitive.
- Section 5.2.5, third paragraph, first sentence: Perhaps a simpler way 
to write this is something akin to “fs_locations cannot point to 
alternate locations until data propagation occurs”?

Best,
Chris