[secdir] RPCSEC_GSS analysis (was Re: [nfsv4] SECDIR Review of draft-ietf-nfsv4-umask-03)
Nico Williams <nico@cryptonector.com> Mon, 05 June 2017 17:17 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DF07129584; Mon, 5 Jun 2017 10:17:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.8
X-Spam-Level:
X-Spam-Status: No, score=-4.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TEBEsrOTuyTi; Mon, 5 Jun 2017 10:17:10 -0700 (PDT)
Received: from homiemail-a66.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66837129411; Mon, 5 Jun 2017 10:17:10 -0700 (PDT)
Received: from homiemail-a66.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a66.g.dreamhost.com (Postfix) with ESMTP id B409AC002828; Mon, 5 Jun 2017 10:17:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=rHJn8E9PHLYmkD Z2fuoCyTLwMvA=; b=hY6rXSUhFT+PBGse/lPE7rDySRnzavYwZ8OFZxi78QUbDm +KDBRQZ/LLbPi80RizuEkhfm7O+zk+TI0IpmwVgYWKl5I5QYTcH83s/Xos2fqFBF SWlLoQkvyYTe4wbKCQZtfcgc5V59RrKc9ohm2ofpgaxTp4ImYMk5OIwBdAGNM=
Received: from localhost (cpe-70-123-158-140.austin.res.rr.com [70.123.158.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a66.g.dreamhost.com (Postfix) with ESMTPSA id 6DA05C002821; Mon, 5 Jun 2017 10:17:08 -0700 (PDT)
Date: Mon, 05 Jun 2017 12:17:05 -0500
From: Nico Williams <nico@cryptonector.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: David Noveck <davenoveck@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>, Phillip Hallam-Baker <phill@hallambaker.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, NFSv4 <nfsv4@ietf.org>
Message-ID: <20170605171704.GF2903@localhost>
References: <CAMm+Lwh+E+BsATQmmX6ccJou-sz1XNtFHxQZikohYCeT0qkfdQ@mail.gmail.com> <CAKKJt-fsJ1UinNiW2LitxVQT4M1YqnFF+1cygU132=bQNgiUnA@mail.gmail.com> <CADaq8jd+6gN2H0QWC+dM-e3pb1gUJKLE7=8PPpprGGKBQZhueg@mail.gmail.com> <CACsn0cnd0L2o2Db6OA1Uvp-C+geA+Ju-7E8Yo=OKS1V3P4G8sA@mail.gmail.com> <20170605165254.GE2903@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20170605165254.GE2903@localhost>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/ujTeMtu74bSYrXBmTFm1XLdPhFk>
Subject: [secdir] RPCSEC_GSS analysis (was Re: [nfsv4] SECDIR Review of draft-ietf-nfsv4-umask-03)
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jun 2017 17:17:12 -0000
> [...]. A more > complete analysis of RPCSEC_GSS should really not be done in the context > of this I-D. So here is that thread. ONC RPC is... an RPC protocol. Requests have a 32-bit (small) XID that responses repeat. The XID allows responses to be sent out of order, and resembles what HTTP/2 calls channels (or whatever). Each RPC request or response message has a header which carries said XID and other metadata, including a field for security that RPCSEC_GSS uses to a) identify a "security context" (explained earlier) and b) include a MIC of metadata. A "MIC" is a lot like a MAC, with some additional metadata. Each RPC request or response message also contains a payload. The payload is either MIC'ed (to provide only integrity protection) or "wrapped" (to also provide integrity protection. "MIC" and "wrap" are GSS [RFC2743] terminology. GSS is an API and a small amount of protocol for authenticating peers to each other. GSS has an "initiator" (the client in the NFS case) and an "acceptor" (the server in the NFS case). At first the initiator and acceptor engage in an exchange of "security context tokens" (messages) until "security context" establishment succeeds or fail. An established security context basically has session keys that can be used to make/verify MICs (again, MAC-like messages), or wrap/unwrap "wrap tokens". Wrapping can provide either integrity protection, or both integrity and confidentiality protection. MIC and wrap tokens can carry things like timestamps or sequence numbers in them that can be used to deal with out of sequence delivery and detect replays. All of the metadata in RPC headers goes in the clear unless the TCP connection is further protected by IPsec or TLS or SSHv2 or whatever. People have run NFSv4 over all of those, but there is no standard for doing so over TLS or SSHv2 -- there is no "upgrade to TLS" feature in NFSv4 (unless it's been added recently and I missed it). The binding between header and payload is done, IIRC, by including the payload MIC or wrap token in the input to the header MIC token input, but I may be misremembering. You can go check RFC2205 to double-check. Wrap tokens nowadays can do "AEAD" style "encrypt some plaintext and authenticate it and additional data", which would benefit RPCSEC_GSS. But even so, the most efficient thing we can do is implement RFC5660 and run NFSv4 with channel binding to IPsec. Nico --
- [secdir] SECDIR Review of draft-ietf-nfsv4-umask-… Phillip Hallam-Baker
- Re: [secdir] SECDIR Review of draft-ietf-nfsv4-um… Spencer Dawkins at IETF
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… David Noveck
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Watson Ladd
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Phillip Hallam-Baker
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Nico Williams
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Nico Williams
- [secdir] RPCSEC_GSS analysis (was Re: [nfsv4] SEC… Nico Williams
- Re: [secdir] [nfsv4] RPCSEC_GSS analysis (was Re:… Nico Williams
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… David Noveck
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… David Noveck
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Nico Williams
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Spencer Dawkins at IETF
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… David Noveck
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Phillip Hallam-Baker
- Re: [secdir] [nfsv4] SECDIR Review of draft-ietf-… Spencer Dawkins at IETF