[secdir] secdir review of draft-ietf-nfsv4-mv0-trunking-update-02
"Christopher Wood" <christopherwood07@gmail.com> Tue, 11 December 2018 14:16 UTC
From: Christopher Wood <christopherwood07@gmail.com>
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-nfsv4-mv0-trunking-update@ietf.org
Date: Tue, 11 Dec 2018 06:16:33 -0800
Message-ID: <F11DB63C-7052-4813-B781-B3396E944E4F@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/47UsMTRDPu68R8er6hN5aYZKdME>

Hello,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of my review is: Ready with nits.

This document is in great shape and very well written. Most of my comments are editorial in nature aimed at helping improve readability of the document. Please let me know if you’ve further questions, comments, or concerns.

- Section 3, fourth bullet: Regarding “[NFSv4.1] distinguishes two (see [RFC5661]),” would it be possible to provide the two types of trunking relationships inline? Although this document is meant to supplement existing work, I do think it would help improve readability and minimize cross-referencing.

- Section 5.1, fifth bullet: Rather than specify that addresses “MUST provide a way of connecting to a single server,” could we specify desired client behavior if this does not happen? I do not know how often such misconfigurations occur, though it seems prudent to provide guidance in case it does.

- Section 5.2, sixth bullet: It might be worth pointing to the amended Security Considerations section, which contains relevant text regarding DNSSEC validation for host name entries. I left a note here while reading only to discover it was addressed later on.

- Section 5.2.3: Are clients allowed to race connection attempts across all types available? The text implies that this must be done sequentially, which seems unnecessarily prohibitive.

- Section 5.2.5, third paragraph, first sentence: Perhaps a simpler way to write this is something akin to “fs_locations cannot point to alternate locations until data propagation occurs”?

Best,
Chris