I gave a 15 minute presentation on IMA on NFS during the nfsv4 Working Group meeting at IETF 102 a couple of weeks ago. Meeting material is here: https://datatracker.ietf.org/meeting/102/session/nfsv4 The latest draft describing Integrity Measurement on NFS is here: https://datatracker.ietf.org/doc/draft-ietf-nfsv4-integrity-measurement/ Comments, questions, or corrections to my understanding are welcome. The largest issue with the proposal remains how to construct a normative Internet standard for IMA on NFS without a published standard for IMA itself. I've been asked to inquire with the IMA community whether there is any interest in or a plan for creating a standard around IMA on local filesystems? Next, as I move forward with a prototype of IMA on NFS, I'd like to better understand the considerations for how an NFS server should authorize read access to file and attribute hashes, and how it should authorize updates to these hashes. Is there writing or code I can look at in local file systems that can give me insight about what kind of protection an NFS server needs to provide for this metadata? -- Chuck Lever
