Re: [secdir] secdir review of draft-ietf-nfsv4-minorversion2-39

Tom Haynes <thomas.haynes@primarydata.com> Sun, 29 November 2015 15:57 UTC

Return-Path: <thomas.haynes@primarydata.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE9611B379F for <secdir@ietfa.amsl.com>; Sun, 29 Nov 2015 07:57:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uB5iQNduUIfA for <secdir@ietfa.amsl.com>; Sun, 29 Nov 2015 07:57:50 -0800 (PST)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A752B1B379B for <secdir@ietf.org>; Sun, 29 Nov 2015 07:57:50 -0800 (PST)
Received: by igcto18 with SMTP id to18so55646244igc.0 for <secdir@ietf.org>; Sun, 29 Nov 2015 07:57:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=primarydata-com.20150623.gappssmtp.com; s=20150623; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=qCohYgxnq6S+axTZ7QLa9vr4AWdgNagtpFCXCdo8TR8=; b=lAHadml19dFy2t6C4QTtaTzhwor9C3a7/ZCiJFISWn5X0l+0GQyFUDr2ICt1ze9vF2 yvvy3q1aSmct/2AUiiusL94xm5H+2qV6UAYF2MmsDlYlNv/F/FZt/pWhs0LV3oloKfL5 fO8Q7ReyPll2lwRZMhi3PTKTWGvbAuK6OTKgVfJPXt6dC/ESpSsoWwFIwvp8rPWa3pDM abCsPDFm5qGcyy/DFiPeCjm+RskOuVS7mquAAf2/HhZTvb+WZnUh7MggdNMg4dZLIN2c wPnvS76OgsGcyBMul/RY2o7CgR/YPrwdcnKcjvI+HA4QjkQXIMO2x56+sU1UrPashtkd 9QOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:content-type:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=qCohYgxnq6S+axTZ7QLa9vr4AWdgNagtpFCXCdo8TR8=; b=UGqaBBsnmbALl1Y6M9c0KJeBpWLT9d+oZiQ8f7mRtTRCp8fGrSvgTCXz4HlE+zZsfH GqkbTq1SVFrcq4jYspjuLlCpj3bdiZ7c7RAxpVdXgoHwSlo3Oj9rrPl2UrMWNCi7u8YQ txrLHsdhsFHSRh0HFFeS9ZBAa2sLjJTjww8oef70L9wZH5cYn/QMY4v1ojAvvtMthE0z NuDdRj1crIvrPssvq3bpzj9kDsDS6aw/cSZdujr46jcThgIu/zsV2HU2glHEGUxdpMwW rzVZbGoJPXbu4fv03DbDiCrnfDu4BSboF1jm+bL5ceaVN8K6UW1JWKBHYZWwf/WZKk7+ rouA==
X-Gm-Message-State: ALoCoQn47mmD9nGd/4AuCvYWrQgPPDOg5YAjEer3KupfbXtnpfddrhDLWyzTAdtYik4mBViVhP6F
X-Received: by 10.50.136.226 with SMTP id qd2mr17299608igb.37.1448812669965; Sun, 29 Nov 2015 07:57:49 -0800 (PST)
Received: from kinslayer.lan ([45.52.180.144]) by smtp.gmail.com with ESMTPSA id xg9sm6547858igb.7.2015.11.29.07.57.48 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 29 Nov 2015 07:57:49 -0800 (PST)
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
Content-Type: text/plain; charset="us-ascii"
From: Tom Haynes <thomas.haynes@primarydata.com>
X-Priority: 3 (Normal)
In-Reply-To: <1448809848.875230642@apps.rackspace.com>
Date: Sun, 29 Nov 2015 10:57:47 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <F6E01285-FC79-40C1-A4E6-DF2A7CEFBEFB@primarydata.com>
References: <1448809848.875230642@apps.rackspace.com>
To: "Scott G. Kelly" <scott@hyperthought.com>
X-Mailer: Apple Mail (2.3096.5)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/y3-pY9tPKzahEtpFuyHa31FOrCw>
X-Mailman-Approved-At: Sun, 29 Nov 2015 08:07:42 -0800
Cc: draft-ietf-nfsv4-minorversion2.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-nfsv4-minorversion2-39
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Nov 2015 15:57:53 -0000

> On Nov 29, 2015, at 10:10 AM, Scott G. Kelly <scott@hyperthought.com> wrote:
> 
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> This doc describes minor version 2 updates to NFSv4. There are 6 new operations/features supported: Server Side Copy, Application I/O Advise, Space Reservations, Sparse Files, Application Data Blocks, and Labeled NFS.
> 
> Consistent with other NFS docs, security considerations specific to an operation are described in the section for that operation. Server Side Copy and Labeled NFS each contain their own sub-sections.
> 
> The main security considerations section states that this revision has all the security considerations of NFS version 4.1 (referencing RFC5661), and also refers to the feature-specific discussions in previous sections.
> 
> I didn't find any issues not already addressed by the security considerations in this and referenced docs. 
> 
> --Scott
> 
> 
> 


Thanks for the review Scott.