> Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote: > > On Apr 19, 2022, at 2:48 PM, Trond Myklebust <trondmy@xxxxxxxxxxxxxxx> wrote: > > > > On Tue, 2022-04-19 at 16:00 +0000, Chuck Lever III wrote: > >> Hi Trond- > >> > >> Thanks for the early review! >> [good stuff snipped] > >> > >> However, one of Rick's preferences is that "auto" not use > >> transport-layer security unless the server requires it via > >> a SECINFO/MNT pseudoflavor, which only the kernel would be > >> privy to. I'll have to think about whether we want to make > >> that happen. Just fyi, the above was not exactly what I thought. My concern with "xprtsec=auto" was that the client (user/admin doing the mount) would not know if on the wire encryption was happening or not. As such, this case in not implemented in the FreeBSD client at this time. (I may do so in order to ne Linux compatible, but I doubt it will be the default. Of course, it is really up to the "FreeBSD collective" and not just me.) For the "xprtsec=auto" case, I am fine with the client attempting the NULL AUTH_TLS RPC probe as soon as a connection is established, followed by a TLS handshake, if the NULL AUTH_TLS RPC probe succeeds. At this time, the FreeBSD client does not use indications from the server, such as SECINFO to decide to do the NULL AUTH_TLS RPC. The current implementation does it optionally (just called "tls", which is the equivalent of "xprtsec=tls"), as soon as a connection is established. > > > > That sounds like a terrible protocol hack. TLS is not an authentication > > flavour but a transport level protection. Not sure if I lost the "context" w.r.t. this comment, but I argued that this should not be more "sec=XXX" options, since it was related to the transport and not user authentication. > Fair enough. We've been discussing this on nfsv4@xxxxxxxx, and > it's certainly not written in stone yet. Yes. I cannot guarantee FreeBSD will become Linux compatible, but what Linux chooses is certainly up to the Linux community. Since Linux is the "big player", I do attempt to keep FreeBSD's mount options compatible, whenever practical. > I invite you to join the conversation and share your concerns > (and possibly any alternative solutions you might have). > > > > That said, I don't see how this invalidates my argument. When told to > > use TLS, the kernel client can still return a mount time error if the > > server fails to advertise support through this pseudoflavour and leave > > it up to userspace to decide how to deal with that. > > Sure. I'm just saying I haven't thought it through yet. I don't > think it will be a problem to move more (or all) of the transport > security policy to mount.nfs. It happens to be implemented in the kernel for FreeBSD, but that was just what was convenient for FreeBSD. (New TCP connections for RPCs, including reconnects, are done in the krpc for FreeBSD, so that is where it needed to know whether or not to do the NULL AUTH_TLS RPC probe.) rick -- Chuck Lever