IETF Logo Mail Archive

Re: [secdir] [nfsv4] Secdir last call review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data-06

Chuck Lever <chuck.lever@oracle.com> Thu, 30 January 2020 15:10 UTC

Return-Path: <chuck.lever@oracle.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2598D12018D; Thu, 30 Jan 2020 07:10:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hxJi25NEcnVe; Thu, 30 Jan 2020 07:10:23 -0800 (PST)
Received: from userp2120.oracle.com (userp2120.oracle.com [156.151.31.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EF39120180; Thu, 30 Jan 2020 07:10:23 -0800 (PST)
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00UF83OV127543; Thu, 30 Jan 2020 15:10:22 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=mime-version : message-id : date : from : to : cc : subject : references : in-reply-to : content-type : content-transfer-encoding; s=corp-2019-08-05; bh=Cm847tvq4HUlYEXLz/q2SUCOXt5uakoPrRljyt2dqB4=; b=CDk0OX8wPkEmUPRfvBGG4aX+reeRpzBIkhT3A/fc7CnAlkjY7xags4iUpGUK5IJy+d9k dpyhZEpr/ko0kfoHt3KiBDyfn8AXAHkHQ+K7lx/p4nPpPy+j1Q2BTAhFwbo0/22w4vu2 mzCq80CoIOQGVX9e6RJrCxBpUDkBCoG6kDyl1nhsN5R14KdD24Qoeyw4x5eI+Pi+zg+y YyPscQwTD+jbnSv9gz11VAIWiLkZ/1mUT6Kd5wnEqjs8NGpTmI5G5/cgwfyG24Ayq67L f9wITyA9CxeSWq0iEA6btYa3PgQLaAl9iO8JmZDL+WzBjFEoBqEdPw2OwFiKT3LTN4bn Vg==
Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2120.oracle.com with ESMTP id 2xrearmhkv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 30 Jan 2020 15:10:22 +0000
Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00UF9N84178426; Thu, 30 Jan 2020 15:10:21 GMT
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by userp3020.oracle.com with ESMTP id 2xu8e8udjt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 30 Jan 2020 15:10:21 +0000
Received: from abhmp0018.oracle.com (abhmp0018.oracle.com [141.146.116.24]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id 00UFAG7k010902; Thu, 30 Jan 2020 15:10:16 GMT
Received: from anon-dhcp-152.1015granger.net (/68.61.232.219) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 30 Jan 2020 07:09:15 -0800
MIME-Version: 1.0
Message-ID: <DA051FCB-F042-46B8-95C3-19E764023A48@oracle.com>
Date: Thu, 30 Jan 2020 07:09:14 -0800
From: Chuck Lever <chuck.lever@oracle.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: secdir@ietf.org, last-call@ietf.org, nfsv4@ietf.org, draft-ietf-nfsv4-rpcrdma-cm-pvt-data.all@ietf.org
References: <158007038921.30641.13334124837519126164@ietfa.amsl.com> <80F557DD-BD17-4119-98B9-614B7A9FDDFB@oracle.com> <85F5B476-8720-488B-9262-CBA9B322BFD3@gmail.com>
In-Reply-To: <85F5B476-8720-488B-9262-CBA9B322BFD3@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9515 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001300110
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9515 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001 definitions=main-2001300110
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Bi_umTo3aym9zQhtHntGdp3ImVM>
Subject: Re: [secdir] [nfsv4] Secdir last call review of draft-ietf-nfsv4-rpcrdma-cm-pvt-data-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2020 15:10:25 -0000

Hello Yaron-

The Security Considerations section now reads as follows:

6.  Security Considerations

   The reader is directed to the Security Considerations section of
   [RFC8166] for background and further discussion.

   The RPC-over-RDMA version 1 protocol framework depends on the
   semantics of the Reliable Connected (RC) queue pair (QP) type, as
   defined in Section 9.7.7 of [IBA].  The integrity of CM Private Data
   and the authenticity of its source are ensured by the exclusive use
   of RC queue pairs.  Any attempt to interfere with or hijack data in
   transit on an RC connection results in the RDMA provider terminating
   the connection.

   Additional analysis of RDMA transport security appears in the
   Security Considerations section of [RFC5042].  That document
   recommends IPsec as the default transport layer security solution.
   When deployed with iWARP, IPsec establishes a protected channel
   before any iWARP operations are exchanged, thus it protects the
   exchange of Private Data that occurs as each QP is established.
   However, IPsec is not available for InfiniBand or RoCE deployments.
   Those fabrics rely on physical security and cyclic redundancy checks
   to protect network traffic.

   Improperly setting one of the fields in a version 1 Private Message
   can result in an increased risk of disconnection (i.e., self-imposed
   Denial of Service).  There is no additional risk of exposing upper-
   layer payloads after exchanging the Private Message format defined in
   the current document.

   In addition to describing the structure of a new format version, any
   document that extends the Private Data format described in the
   current document must discuss security considerations of new data
   items exchanged between connection peers.


--
Chuck Lever

v2.23.0 | Report a Bug | By Email