[secdir] Secdir last call review of draft-ietf-nfsv4-layoutwcc-04
Benjamin Schwartz via Datatracker <noreply@ietf.org> Thu, 31 October 2024 19:19 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from [10.244.8.206] (unknown [104.131.183.230]) by ietfa.amsl.com (Postfix) with ESMTP id 34DA7C14F5EB; Thu, 31 Oct 2024 12:19:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Schwartz via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 12.26.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <173040237779.57191.9072111440920309915@dt-datatracker-84cf84bdcc-hlxgg>
Date: Thu, 31 Oct 2024 12:19:37 -0700
Message-ID-Hash: 75NF3SKBSYIUCUXA5GFHFYBHBSQEJOPL
X-Message-ID-Hash: 75NF3SKBSYIUCUXA5GFHFYBHBSQEJOPL
X-MailFrom: noreply@ietf.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: draft-ietf-nfsv4-layoutwcc.all@ietf.org, last-call@ietf.org, nfsv4@ietf.org
X-Mailman-Version: 3.3.9rc6
Reply-To: Benjamin Schwartz <ietf@bemasc.net>
Subject: [secdir] Secdir last call review of draft-ietf-nfsv4-layoutwcc-04
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/V36kcGuj9uPbmGL6g-HbwxJWSS0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Reviewer: Benjamin Schwartz Review result: Ready This specification is not highly security-relevant, and it does not have any content in its Security Considerations. In general, allowing file metadata, including size and ownership, to be desynchronized from the file contents, does carry significant security implications. For example, understating the size of the file could lead to a buffer overflow in an incautious client. If these considerations have already been addressed in another document, I think a specific citation to that text would be appropriate here.
- [secdir] Secdir last call review of draft-ietf-nf… Benjamin Schwartz via Datatracker
- [secdir] Re: Secdir last call review of draft-iet… Thomas Haynes