Re: SECDIR Review of draft-ietf-nfsv4-umask-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, Phillip,

(adding the NFSv4 working group mailing list, because the issue you raised in this review is relevant to pretty much all of NFSv4)

On Thu, May 18, 2017 at 12:10 PM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
Reviewer: 
​Phillip Hallam-Baker

Review result: 
​OK but...​


I reviewed this document as part of the Security Directorate's
ongoing
effort to review all IETF documents being processed by the IESG.
These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: Review of draft-ietf-nfsv4-umask-03
Reviewer:
​Phillip Hallam-Baker



Review result: 
​OK but...​


This particular draft looks OK to me. Aligning the semantics of NFS with the semantics of the file system seems to me to be absolutely the way to go forward. I am not sufficiently experienced in the semantics of NFS or Unix as deployed to be able to offer an opinion on whether the draft achieves that. However it appears that the author does.

​What is problematic here is that the Security Considerations in the draft are essentially relying on those in rfc7530 which are woefully inadequate given the critical role of NFS in Internet security. They are not so much a security plan as a collection of random thoughts jotted down in haphazard fashion.​

There is clearly no coherent model of what NFS security should achieve, what the threats are, what controls are deployed to control them. Also note that the main reason this review is late is that I have been dealing with issues arising from WannaCry which used an SMB:1 exploit. Re-reading RFC7530 in the light of that experience gives me grave concern.

This is very interesting ...

Speaking as the responsible AD, I'm thinking that the right thing to do, is for me to ask the NFSv4 working group to consider the issue you're raising, with the high-order bit question being whether it's time to revisit NFS security. The working group is actively discussing a recharter, likely to be discussed in Prague, so it's the right time to ask the question.

Given that RFC 7530 is the umbrella RFC for all of NFSv4, I'm thinking that's the right place to fix anything that needs fixing.

And thanks for your review.

Spencer 
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]